Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-01-28 | CVE-2019-4639 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Secret Server | IBM Security Secret Server 10.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
2020-01-28 | CVE-2019-4638 | Reliance on Cookies without Validation and Integrity Checking vulnerability in IBM Security Secret Server | IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |
2020-01-28 | CVE-2019-4637 | Unspecified vulnerability in IBM Security Secret Server | IBM Security Secret Server 10.7 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. | 4.0 |
2020-01-28 | CVE-2019-4636 | Information Exposure Through an Error Message vulnerability in IBM Security Secret Server | IBM Security Secret Server 10.7 could disclose sensitive information to an authenticated user from generated error messages. | 4.0 |
2020-01-28 | CVE-2019-4635 | Command Injection vulnerability in IBM Security Secret Server 10.7 | IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to improper input neutralization of special elements. | 4.0 |
2020-01-28 | CVE-2019-4633 | Exposure of Resource to Wrong Sphere vulnerability in IBM Security Secret Server | IBM Security Secret Server 10.7 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. | 4.3 |
2020-01-28 | CVE-2019-4632 | Cross-site Scripting vulnerability in IBM Security Secret Server | IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. | 4.3 |
2020-01-28 | CVE-2019-4631 | Open Redirect vulnerability in IBM Security Secret Server | IBM Security Secret Server 10.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 5.8 |
2020-01-28 | CVE-2019-4620 | Improper Input Validation vulnerability in IBM MQ Appliance | IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of environment variables. | 4.6 |
2020-01-28 | CVE-2019-4614 | Improper Input Validation vulnerability in IBM MQ and MQ Appliance | IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. | 4.0 |