Skip to main content

Security Secret Server

16 CVEs product

Monthly

CVE-2021-20582 MEDIUM This Month

IBM Security Secret Server up to 11.0 stores sensitive information in URL parameters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Secret Server
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-20569 MEDIUM This Month

IBM Security Secret Server up to 11.0 could allow an attacker to enumerate usernames due to improper input validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Secret Server
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-20508 MEDIUM This Month

IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Secret Server
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-4843 MEDIUM PATCH This Month

IBM Security Secret Server 10.6 stores potentially sensitive information in config files that could be read by an authenticated user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Secret Server
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2020-4842 MEDIUM PATCH This Month

IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Secret Server
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2020-4841 MEDIUM PATCH This Month

IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

IBM Authentication Bypass Security Secret Server
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2020-4840 MEDIUM PATCH This Month

IBM Security Secret Server 10.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Open Redirect Security Secret Server
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-4340 MEDIUM This Month

IBM Security Secret Server prior to 10.9 could allow an attacker to bypass SSL security due to improper certificate validation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Secret Server
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-4324 MEDIUM This Month

IBM Security Secret Server proir to 10.9 could allow a remote attacker to bypass security restrictions, caused by improper input validation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Secret Server
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2020-4459 CRITICAL PATCH Act Now

IBM Security Verify Access 10.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

IBM Authentication Bypass Security Secret Server
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2020-4413 MEDIUM PATCH This Month

IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

IBM Authentication Bypass Security Secret Server
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2020-4342 MEDIUM PATCH This Month

IBM Security Secret Server 10.7 could disclose sensitive information included in installation files to an unauthorized user. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Secret Server
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-4341 MEDIUM PATCH This Month

IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Secret Server
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-4327 MEDIUM PATCH This Month

IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Secret Server
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-4323 MEDIUM PATCH This Month

IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Secret Server
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-4322 MEDIUM PATCH This Month

IBM Security Secret Server 10.7 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS IBM Security Secret Server
NVD
CVSS 3.1
4.3
EPSS
1.0%
EPSS 1% CVSS 5.3
MEDIUM This Month

IBM Security Secret Server up to 11.0 stores sensitive information in URL parameters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Secret Server
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

IBM Security Secret Server up to 11.0 could allow an attacker to enumerate usernames due to improper input validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Secret Server
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Secret Server
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Security Secret Server 10.6 stores potentially sensitive information in config files that could be read by an authenticated user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Secret Server
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Secret Server
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

IBM Authentication Bypass Security Secret Server
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM Security Secret Server 10.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Open Redirect Security Secret Server
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

IBM Security Secret Server prior to 10.9 could allow an attacker to bypass SSL security due to improper certificate validation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Secret Server
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

IBM Security Secret Server proir to 10.9 could allow a remote attacker to bypass security restrictions, caused by improper input validation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Secret Server
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

IBM Security Verify Access 10.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

IBM Authentication Bypass Security Secret Server
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

IBM Authentication Bypass Security Secret Server
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Security Secret Server 10.7 could disclose sensitive information included in installation files to an unauthorized user. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Secret Server
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Secret Server
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Secret Server
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Secret Server
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Security Secret Server 10.7 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS IBM Security Secret Server
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy