Vulnerabilities > IBM > Security Secret Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-14 | CVE-2021-20508 | Information Exposure Through an Error Message vulnerability in IBM Security Secret Server IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.0 |
| 2021-09-14 | CVE-2021-20569 | Improper Input Validation vulnerability in IBM Security Secret Server IBM Security Secret Server up to 11.0 could allow an attacker to enumerate usernames due to improper input validation. | 5.0 |
| 2021-09-14 | CVE-2021-20582 | Information Exposure vulnerability in IBM Security Secret Server IBM Security Secret Server up to 11.0 stores sensitive information in URL parameters. | 5.0 |
| 2020-12-21 | CVE-2020-4843 | Cleartext Storage of Sensitive Information vulnerability in IBM Security Secret Server 10.6 IBM Security Secret Server 10.6 stores potentially sensitive information in config files that could be read by an authenticated user. | 4.0 |
| 2020-12-21 | CVE-2020-4842 | Information Exposure Through an Error Message vulnerability in IBM Security Secret Server 10.6 IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.0 |
| 2020-12-21 | CVE-2020-4841 | Information Exposure vulnerability in IBM Security Secret Server 10.6 IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 4.3 |
| 2020-12-21 | CVE-2020-4840 | Open Redirect vulnerability in IBM Security Secret Server 10.6 IBM Security Secret Server 10.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 5.8 |
| 2020-09-23 | CVE-2020-4340 | Improper Certificate Validation vulnerability in IBM Security Secret Server 10.7/10.7.000059/10.8 IBM Security Secret Server prior to 10.9 could allow an attacker to bypass SSL security due to improper certificate validation. | 4.3 |
| 2020-09-23 | CVE-2020-4324 | Improper Input Validation vulnerability in IBM Security Secret Server 10.7/10.7.000059/10.8 IBM Security Secret Server proir to 10.9 could allow a remote attacker to bypass security restrictions, caused by improper input validation. | 4.0 |
| 2020-08-04 | CVE-2020-4459 | Use of Hard-coded Credentials vulnerability in IBM Security Secret Server 10.7/10.7.000059 IBM Security Verify Access 10.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 7.5 |