10 matches found
CVE-2020-4322
IBM Security Secret Server 10.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the vi...
CVE-2019-4635
IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to improper input neutralization of special elements. IBM X-Force ID: 170011.
CVE-2021-20508
IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199322.
CVE-2019-4637
IBM Security Secret Server 10.7 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 170043.
CVE-2019-4633
IBM Security Secret Server 10.7 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. IBM X-Force ID: 170007.
CVE-2019-4636
IBM Security Secret Server 10.7 could disclose sensitive information to an authenticated user from generated error messages. IBM X-Force ID: 170013.
CVE-2020-4324
IBM Security Secret Server prior to 10.9 could allow a remote attacker to bypass security restrictions, caused by improper input validation. IBM X-Force ID: 177515.
CVE-2020-4340
IBM Security Secret Server prior to 10.9 could allow an attacker to bypass SSL security due to improper certificate validation. IBM X-Force ID: 178180.
CVE-2020-4842
IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190046.
CVE-2019-4638
IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 170044.