25 matches found
CVE-2020-4840
IBM Security Secret Server 10.6 is affected by an open redirect vulnerability that could be exploited by convincing a user to visit a crafted site, allowing the attacker to spoof the displayed URL and redirect to a malicious site. This could facilitate credential or data exposure and enable furth...
CVE-2020-4413
CVE-2020-4413 affects IBM Security Secret Server. The issue stems from failure to properly enable HTTP Strict Transport Security, enabling a remote attacker to obtain sensitive information via MITM. Affected product: IBM Security Secret Server (all editions) with version 10.7. Impact described as...
CVE-2019-4631
IBM Security Secret Server 10.7 and all versions are affected by CVE-2019-4631, an open redirect vulnerability that could enable remote attackers to conduct phishing by steering victims to a crafted site and spoofing the displayed URL to appear trusted. The underlying issue is an open redirect in...
CVE-2020-4322
CVE-2020-4322 affects IBM Security Secret Server (all versions up to 10.7) and describes a clickjacking-style vulnerability where a remote attacker can trick a user into visiting a malicious site to hijack the user’s click actions, potentially enabling further attacks. Root cause indicated: mis-s...
CVE-2021-20508
CVE-2021-20508 affects IBM Security Secret Server up to version 11.0. The vulnerability is an information disclosure caused by detailed error messages returned in the browser, enabling a remote attacker to obtain sensitive data. Remediation: upgrade to the latest release (11.0 or newer) as descri...
CVE-2020-4841
CVE-2020-4841 affects IBM Security Secret Server 10.6. The root cause is failure to properly enable HTTP Strict Transport Security, enabling an information disclosure vulnerability that could be exploited via man-in-the-middle techniques to obtain sensitive information. The issue is documented wi...
CVE-2019-4632
CVE-2019-4632 affects IBM Security Secret Server. IBM’s security bulletin documents a cross-site scripting vulnerability in Secret Server 10.7 that could allow an attacker to embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure in a trusted session. Affected pro...
CVE-2020-4843
The CVE-2020-4843 issue affects IBM Security Secret Server (all versions) where configuration files can disclose sensitive data to an authenticated user. Root causes include information disclosure via stored config files; published CVSS scores range from 4.3 (3.1) to 6.3 (3.0) in IBM advisories, ...
CVE-2019-4635
CVE-2019-4635 affects IBM Security Secret Server (version 10.7 and all versions as per bulletin). The root cause is improper input neutralization of special elements, allowing a privileged user to perform unauthorized command execution. Impact is limited to command injection with a LOW base sever...
CVE-2019-4640
IBM Security Secret Server (all versions) is affected by CVE-2019-4640 due to processing patches, image backups and other updates without proper verification of origin/integrity, which could allow execution of malicious code. The IBM security bulletin confirms the issue and provides a remediation...
CVE-2020-4459
CVE-2020-4459 concerns IBM Security Secret Server (all editions) with a root cause of hard-coded credentials used for authentication, external communication, or internal data encryption. The connected IBM advisory indicates the vulnerability is addressed by upgrading to version 10.8 (remediation)...
CVE-2021-20582
CVE-2021-20582 affects IBM Security Secret Server (now IBM Security Verify Privilege Vault). Affected versions are prior to 11.0 and the root cause is storing sensitive information in URL parameters, which can be exposed via server logs, referrer headers, or browser history. The consequence is po...
CVE-2019-4633
IBM Security Secret Server (affected versions including 10.7) is affected by CVE-2019-4633 due to an overly permissive CORS policy for login, permitting potential information disclosure. The issue is described in IBM’s Security Bulletin and SxF records as a low-to-moderate severity vulnerability ...
CVE-2019-4637
CVE-2019-4637 affects IBM Security Secret Server. The vulnerability stems from incomplete blocklisting used for input validation in Secret Server 10.7, allowing attackers to bypass application controls and potentially impact system integrity and data. IBM’s security bulletin notes this issue has ...
CVE-2019-4639
CVE-2019-4639 affects IBM Security Secret Server. Multiple sources confirm that 10.7 uses weaker-than-expected cryptographic algorithms, potentially allowing an attacker to decrypt highly sensitive information. IBM’s security bulletin states the issue has been addressed in release 10.7.000059, wi...
CVE-2020-4323
CVE-2020-4323 affects IBM Security Secret Server (v10.7). The issue is a cross-site scripting vulnerability in the Web UI that allows embedding arbitrary JavaScript, potentially enabling credential disclosure within a trusted session. The NVD notes CVSS v3.1 base score 6.1 (AV:N/AC:L/PR:N/UI:R/S:...
CVE-2020-4341
IBM Security Secret Server (affected: 10.7 and earlier) exposes sensitive information via detailed error messages returned in the browser, enabling remote disclosure of confidential data. Root cause: information disclosure from verbose technical errors. Impact: partial confidentiality loss. remed...
CVE-2021-20569
CVE-2021-20569 affects IBM Security Secret Server (up to 11.0). The flaw arises from improper input validation that could allow an attacker to enumerate usernames. The IBM security bulletin notes this as a vulnerability in IBM Security Verify Privilege Vault (formerly Secret Server) with a CVSS v...
CVE-2020-4324
IBM Security Secret Server (formerly IBM Security Verify Privilege Vault) prior to 10.9 is affected by CVE-2020-4324, a vulnerability caused by improper input validation that could allow a remote attacker to bypass security restrictions. The issue affects all versions before 10.9; IBM’s security ...
CVE-2020-4327
CVE-2020-4327 affects IBM Security Secret Server. All versions prior to 10.8 may disclose sensitive information when a detailed browser error message is returned, enabling a remote attacker to obtain data. IBM’s bulletin indicates the workaround is upgrading to version 10.8 (remediation). CVSS me...
CVE-2019-4636
IBM Security Secret Server 10.7 is affected by CVE-2019-4636: an authenticated user could obtain leaked information from error messages. The IBM bulletin lists this among multiple vulnerabilities and notes remediation via upgrade to fixpack 10.7.000059. Root cause details are not provided in the ...
CVE-2020-4340
CVE-2020-4340 affects IBM Security Secret Server (prior to 10.9). The root cause is improper certificate validation, allowing an attacker to bypass SSL security. The NVD entry reports CVSS v3.1 base score of 4.3 (Network, Low/None on some vectors; user interaction required). Connected sources ind...
CVE-2020-4342
CVE-2020-4342 concerns IBM Security Secret Server. The vulnerability allows an unauthorized user to disclose sensitive information contained in installation files. Affected software is IBM Security Secret Server (all versions prior to 10.8, per IBM bulletin). The root cause is an information disc...
CVE-2020-4842
IBM Security Secret Server 10.6 contains an information disclosure vulnerability where a detailed technical error message returned by the browser could reveal sensitive data to a remote attacker, enabling further attacks. Affected product: IBM Security Secret Server (10.6). Root cause: exposure t...
CVE-2019-4638
CVE-2019-4638 affects IBM Security Secret Server. The issue is that 10.x tokens/cookies used for authorization are not marked Secure, enabling potential exposure of sensitive data via man-in-the-middle if cookies are transmitted over non-HTTPS connections. Affected product: IBM Security Secret Se...