Ibm Security Secret Server — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Security Secret Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (25)
CVE-2019-4640 — CVSS 9.8 (critical): IBM Security Secret Server 10.7 processes patches, image backups and other updates without sufficiently verifying the origin and integrity…
CVE-2020-4459 — CVSS 9.8 (critical): IBM Security Verify Access 10.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound…
CVE-2019-4639 — CVSS 7.5 (high): IBM Security Secret Server 10.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive…
CVE-2020-4323 — CVSS 6.1 (medium): IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code…
CVE-2020-4840 — CVSS 6.1 (medium): IBM Security Secret Server 10.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a…
CVE-2019-4632 — CVSS 6.1 (medium): IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code…
CVE-2019-4631 — CVSS 6.1 (medium): IBM Security Secret Server 10.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a…
CVE-2020-4413 — CVSS 5.9 (medium): IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable…
CVE-2020-4841 — CVSS 5.9 (medium): IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable…
CVE-2021-20582 — CVSS 5.3 (medium): IBM Security Secret Server up to 11.0 stores sensitive information in URL parameters. This may lead to information disclosure if…
CVE-2020-4327 — CVSS 5.3 (medium): IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is…
CVE-2020-4341 — CVSS 5.3 (medium): IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is…
CVE-2020-4342 — CVSS 5.3 (medium): IBM Security Secret Server 10.7 could disclose sensitive information included in installation files to an unauthorized user. IBM X-Force…
CVE-2021-20569 — CVSS 5.3 (medium): IBM Security Secret Server up to 11.0 could allow an attacker to enumerate usernames due to improper input validation. IBM X-Force ID…
CVE-2020-4842 — CVSS 4.9 (medium): IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is…
CVE-2019-4633 — CVSS 4.3 (medium): IBM Security Secret Server 10.7 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. IBM…
CVE-2019-4637 — CVSS 4.3 (medium): IBM Security Secret Server 10.7 uses incomplete blacklisting for input validation which allows attackers to bypass application controls…
CVE-2021-20508 — CVSS 4.3 (medium): IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message…
CVE-2020-4324 — CVSS 4.3 (medium): IBM Security Secret Server proir to 10.9 could allow a remote attacker to bypass security restrictions, caused by improper input…
CVE-2020-4843 — CVSS 4.3 (medium): IBM Security Secret Server 10.6 stores potentially sensitive information in config files that could be read by an authenticated user. IBM…
CVE-2020-4340 — CVSS 4.3 (medium): IBM Security Secret Server prior to 10.9 could allow an attacker to bypass SSL security due to improper certificate validation. IBM X-Force…
CVE-2020-4322 — CVSS 4.3 (medium): IBM Security Secret Server 10.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit…
CVE-2019-4638 — CVSS 3.7 (low): IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker…
CVE-2019-4636 — CVSS 2.7 (low): IBM Security Secret Server 10.7 could disclose sensitive information to an authenticated user from generated error messages. IBM X-Force…
CVE-2019-4635 — CVSS 2.7 (low): IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to imporoper input…