Vulnerabilities > IBM > Security Secret Server > 10.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-14 | CVE-2021-20508 | Information Exposure Through an Error Message vulnerability in IBM Security Secret Server IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 4.3 |
| 2021-09-14 | CVE-2021-20569 | Improper Input Validation vulnerability in IBM Security Secret Server IBM Security Secret Server up to 11.0 could allow an attacker to enumerate usernames due to improper input validation. | 5.3 |
| 2021-09-14 | CVE-2021-20582 | Information Exposure vulnerability in IBM Security Secret Server IBM Security Secret Server up to 11.0 stores sensitive information in URL parameters. | 5.3 |
| 2020-09-23 | CVE-2020-4340 | Improper Certificate Validation vulnerability in IBM Security Secret Server IBM Security Secret Server prior to 10.9 could allow an attacker to bypass SSL security due to improper certificate validation. | 4.3 |
| 2020-09-23 | CVE-2020-4324 | Improper Input Validation vulnerability in IBM Security Secret Server IBM Security Secret Server proir to 10.9 could allow a remote attacker to bypass security restrictions, caused by improper input validation. | 4.3 |
| 2020-08-04 | CVE-2020-4459 | Use of Hard-coded Credentials vulnerability in IBM Security Secret Server 10.6/10.7/10.7.000059 IBM Security Verify Access 10.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
| 2020-06-24 | CVE-2020-4413 | Missing Authorization vulnerability in IBM Security Secret Server 10.6/10.7/10.7.000059 IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2020-06-24 | CVE-2020-4342 | Unspecified vulnerability in IBM Security Secret Server 10.6/10.7/10.7.000059 IBM Security Secret Server 10.7 could disclose sensitive information included in installation files to an unauthorized user. | 5.3 |
| 2020-06-24 | CVE-2020-4341 | Information Exposure Through an Error Message vulnerability in IBM Security Secret Server 10.6/10.7/10.7.000059 IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
| 2020-06-24 | CVE-2020-4327 | Information Exposure Through an Error Message vulnerability in IBM Security Secret Server 10.6/10.7/10.7.000059 IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |