Lucene search
K
IbmSecurity Secret Server

25 matches found

CVE
CVE
added 2020/12/21 6:5 p.m.49 views

CVE-2020-4840

IBM Security Secret Server 10.6 is affected by an open redirect vulnerability that could be exploited by convincing a user to visit a crafted site, allowing the attacker to spoof the displayed URL and redirect to a malicious site. This could facilitate credential or data exposure and enable furth...

7.4CVSS5.8AI score0.00897EPSS
CVE
CVE
added 2020/06/24 2:10 p.m.46 views

CVE-2020-4413

CVE-2020-4413 affects IBM Security Secret Server. The issue stems from failure to properly enable HTTP Strict Transport Security, enabling a remote attacker to obtain sensitive information via MITM. Affected product: IBM Security Secret Server (all editions) with version 10.7. Impact described as...

5.9CVSS5.3AI score0.01206EPSS
CVE
CVE
added 2020/01/28 6:30 p.m.45 views

CVE-2019-4631

IBM Security Secret Server 10.7 and all versions are affected by CVE-2019-4631, an open redirect vulnerability that could enable remote attackers to conduct phishing by steering victims to a crafted site and spoofing the displayed URL to appear trusted. The underlying issue is an open redirect in...

7.4CVSS6AI score0.00784EPSS
CVE
CVE
added 2020/06/24 2:10 p.m.45 views

CVE-2020-4322

CVE-2020-4322 affects IBM Security Secret Server (all versions up to 10.7) and describes a clickjacking-style vulnerability where a remote attacker can trick a user into visiting a malicious site to hijack the user’s click actions, potentially enabling further attacks. Root cause indicated: mis-s...

4.3CVSS4.5AI score0.01046EPSS
CVE
CVE
added 2021/09/14 1:25 p.m.45 views

CVE-2021-20508

CVE-2021-20508 affects IBM Security Secret Server up to version 11.0. The vulnerability is an information disclosure caused by detailed error messages returned in the browser, enabling a remote attacker to obtain sensitive data. Remediation: upgrade to the latest release (11.0 or newer) as descri...

4.3CVSS4.4AI score0.00943EPSS
CVE
CVE
added 2020/12/21 6:5 p.m.44 views

CVE-2020-4841

CVE-2020-4841 affects IBM Security Secret Server 10.6. The root cause is failure to properly enable HTTP Strict Transport Security, enabling an information disclosure vulnerability that could be exploited via man-in-the-middle techniques to obtain sensitive information. The issue is documented wi...

5.9CVSS5.5AI score0.01192EPSS
CVE
CVE
added 2020/01/28 6:30 p.m.43 views

CVE-2019-4632

CVE-2019-4632 affects IBM Security Secret Server. IBM’s security bulletin documents a cross-site scripting vulnerability in Secret Server 10.7 that could allow an attacker to embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure in a trusted session. Affected pro...

6.1CVSS5.8AI score0.0073EPSS
CVE
CVE
added 2020/12/21 6:5 p.m.43 views

CVE-2020-4843

The CVE-2020-4843 issue affects IBM Security Secret Server (all versions) where configuration files can disclose sensitive data to an authenticated user. Root causes include information disclosure via stored config files; published CVSS scores range from 4.3 (3.1) to 6.3 (3.0) in IBM advisories, ...

6.3CVSS4AI score0.00495EPSS
CVE
CVE
added 2020/01/28 6:30 p.m.42 views

CVE-2019-4635

CVE-2019-4635 affects IBM Security Secret Server (version 10.7 and all versions as per bulletin). The root cause is improper input neutralization of special elements, allowing a privileged user to perform unauthorized command execution. Impact is limited to command injection with a LOW base sever...

4CVSS4.4AI score0.00937EPSS
CVE
CVE
added 2020/02/19 3:15 p.m.42 views

CVE-2019-4640

IBM Security Secret Server (all versions) is affected by CVE-2019-4640 due to processing patches, image backups and other updates without proper verification of origin/integrity, which could allow execution of malicious code. The IBM security bulletin confirms the issue and provides a remediation...

9.8CVSS8.9AI score0.00523EPSS
CVE
CVE
added 2020/08/04 4:0 p.m.42 views

CVE-2020-4459

CVE-2020-4459 concerns IBM Security Secret Server (all editions) with a root cause of hard-coded credentials used for authentication, external communication, or internal data encryption. The connected IBM advisory indicates the vulnerability is addressed by upgrading to version 10.8 (remediation)...

9.8CVSS9AI score0.01029EPSS
CVE
CVE
added 2021/09/14 1:25 p.m.41 views

CVE-2021-20582

CVE-2021-20582 affects IBM Security Secret Server (now IBM Security Verify Privilege Vault). Affected versions are prior to 11.0 and the root cause is storing sensitive information in URL parameters, which can be exposed via server logs, referrer headers, or browser history. The consequence is po...

5.3CVSS5AI score0.0084EPSS
CVE
CVE
added 2020/01/28 6:30 p.m.40 views

CVE-2019-4633

IBM Security Secret Server (affected versions including 10.7) is affected by CVE-2019-4633 due to an overly permissive CORS policy for login, permitting potential information disclosure. The issue is described in IBM’s Security Bulletin and SxF records as a low-to-moderate severity vulnerability ...

4.3CVSS4.2AI score0.00921EPSS
CVE
CVE
added 2020/01/28 6:30 p.m.40 views

CVE-2019-4637

CVE-2019-4637 affects IBM Security Secret Server. The vulnerability stems from incomplete blocklisting used for input validation in Secret Server 10.7, allowing attackers to bypass application controls and potentially impact system integrity and data. IBM’s security bulletin notes this issue has ...

4.3CVSS4.9AI score0.00736EPSS
CVE
CVE
added 2020/01/28 6:30 p.m.40 views

CVE-2019-4639

CVE-2019-4639 affects IBM Security Secret Server. Multiple sources confirm that 10.7 uses weaker-than-expected cryptographic algorithms, potentially allowing an attacker to decrypt highly sensitive information. IBM’s security bulletin states the issue has been addressed in release 10.7.000059, wi...

7.5CVSS7.3AI score0.00792EPSS
CVE
CVE
added 2020/06/24 2:10 p.m.40 views

CVE-2020-4323

CVE-2020-4323 affects IBM Security Secret Server (v10.7). The issue is a cross-site scripting vulnerability in the Web UI that allows embedding arbitrary JavaScript, potentially enabling credential disclosure within a trusted session. The NVD notes CVSS v3.1 base score 6.1 (AV:N/AC:L/PR:N/UI:R/S:...

6.1CVSS5.8AI score0.0073EPSS
CVE
CVE
added 2020/06/24 2:10 p.m.40 views

CVE-2020-4341

IBM Security Secret Server (affected: 10.7 and earlier) exposes sensitive information via detailed error messages returned in the browser, enabling remote disclosure of confidential data. Root cause: information disclosure from verbose technical errors. Impact: partial confidentiality loss. remed...

5.3CVSS4.8AI score0.01416EPSS
CVE
CVE
added 2021/09/14 1:25 p.m.39 views

CVE-2021-20569

CVE-2021-20569 affects IBM Security Secret Server (up to 11.0). The flaw arises from improper input validation that could allow an attacker to enumerate usernames. The IBM security bulletin notes this as a vulnerability in IBM Security Verify Privilege Vault (formerly Secret Server) with a CVSS v...

5.3CVSS5.2AI score0.00913EPSS
CVE
CVE
added 2020/09/23 1:45 p.m.38 views

CVE-2020-4324

IBM Security Secret Server (formerly IBM Security Verify Privilege Vault) prior to 10.9 is affected by CVE-2020-4324, a vulnerability caused by improper input validation that could allow a remote attacker to bypass security restrictions. The issue affects all versions before 10.9; IBM’s security ...

4.3CVSS4.8AI score0.01242EPSS
CVE
CVE
added 2020/06/24 2:10 p.m.38 views

CVE-2020-4327

CVE-2020-4327 affects IBM Security Secret Server. All versions prior to 10.8 may disclose sensitive information when a detailed browser error message is returned, enabling a remote attacker to obtain data. IBM’s bulletin indicates the workaround is upgrading to version 10.8 (remediation). CVSS me...

5.3CVSS4.8AI score0.0113EPSS
CVE
CVE
added 2020/01/28 6:30 p.m.37 views

CVE-2019-4636

IBM Security Secret Server 10.7 is affected by CVE-2019-4636: an authenticated user could obtain leaked information from error messages. The IBM bulletin lists this among multiple vulnerabilities and notes remediation via upgrade to fixpack 10.7.000059. Root cause details are not provided in the ...

4CVSS4.6AI score0.00803EPSS
CVE
CVE
added 2020/09/23 1:45 p.m.37 views

CVE-2020-4340

CVE-2020-4340 affects IBM Security Secret Server (prior to 10.9). The root cause is improper certificate validation, allowing an attacker to bypass SSL security. The NVD entry reports CVSS v3.1 base score of 4.3 (Network, Low/None on some vectors; user interaction required). Connected sources ind...

4.3CVSS4.8AI score0.00685EPSS
CVE
CVE
added 2020/06/24 2:10 p.m.36 views

CVE-2020-4342

CVE-2020-4342 concerns IBM Security Secret Server. The vulnerability allows an unauthorized user to disclose sensitive information contained in installation files. Affected software is IBM Security Secret Server (all versions prior to 10.8, per IBM bulletin). The root cause is an information disc...

5.3CVSS4.8AI score0.01067EPSS
CVE
CVE
added 2020/12/21 6:5 p.m.36 views

CVE-2020-4842

IBM Security Secret Server 10.6 contains an information disclosure vulnerability where a detailed technical error message returned by the browser could reveal sensitive data to a remote attacker, enabling further attacks. Affected product: IBM Security Secret Server (10.6). Root cause: exposure t...

4.9CVSS4.9AI score0.01093EPSS
CVE
CVE
added 2020/01/28 6:30 p.m.35 views

CVE-2019-4638

CVE-2019-4638 affects IBM Security Secret Server. The issue is that 10.x tokens/cookies used for authorization are not marked Secure, enabling potential exposure of sensitive data via man-in-the-middle if cookies are transmitted over non-HTTPS connections. Affected product: IBM Security Secret Se...

4.3CVSS4AI score0.00792EPSS