Vulnerabilities > IBM > Security Secret Server > 10.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-24 | CVE-2020-4413 | Missing Authorization vulnerability in IBM Security Secret Server 10.6/10.7/10.7.000059 IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2020-06-24 | CVE-2020-4342 | Unspecified vulnerability in IBM Security Secret Server 10.6/10.7/10.7.000059 IBM Security Secret Server 10.7 could disclose sensitive information included in installation files to an unauthorized user. | 5.3 |
| 2020-06-24 | CVE-2020-4341 | Information Exposure Through an Error Message vulnerability in IBM Security Secret Server 10.6/10.7/10.7.000059 IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
| 2020-06-24 | CVE-2020-4327 | Information Exposure Through an Error Message vulnerability in IBM Security Secret Server 10.6/10.7/10.7.000059 IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
| 2020-06-24 | CVE-2020-4323 | Cross-site Scripting vulnerability in IBM Security Secret Server 10.6/10.7/10.7.000059 IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. | 6.1 |
| 2020-06-24 | CVE-2020-4322 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Security Secret Server 10.6/10.7/10.7.000059 IBM Security Secret Server 10.7 could allow a remote attacker to hijack the clicking action of the victim. | 4.3 |
| 2020-01-28 | CVE-2019-4639 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Secret Server 10.6/10.7 IBM Security Secret Server 10.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2020-01-28 | CVE-2019-4638 | Reliance on Cookies without Validation and Integrity Checking vulnerability in IBM Security Secret Server 10.6/10.7 IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. | 3.7 |
| 2020-01-28 | CVE-2019-4637 | Unspecified vulnerability in IBM Security Secret Server 10.6/10.7 IBM Security Secret Server 10.7 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. | 4.3 |
| 2020-01-28 | CVE-2019-4636 | Information Exposure Through an Error Message vulnerability in IBM Security Secret Server 10.6/10.7 IBM Security Secret Server 10.7 could disclose sensitive information to an authenticated user from generated error messages. | 2.7 |