Vulnerabilities > IBM > Security Secret Server
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-24 | CVE-2020-4413 | Missing Authorization vulnerability in IBM Security Secret Server 10.6/10.7/10.7.000059. IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
2020-06-24 | CVE-2020-4342 | Unspecified vulnerability in IBM Security Secret Server 10.6/10.7/10.7.000059. IBM Security Secret Server 10.7 could disclose sensitive information included in installation files to an unauthorized user. | 5.3 |
2020-06-24 | CVE-2020-4341 | Information Exposure Through an Error Message vulnerability in IBM Security Secret Server 10.6/10.7/10.7.000059. IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
2020-06-24 | CVE-2020-4327 | Information Exposure Through an Error Message vulnerability in IBM Security Secret Server 10.6/10.7/10.7.000059. IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
2020-06-24 | CVE-2020-4323 | Cross-site Scripting vulnerability in IBM Security Secret Server 10.6/10.7/10.7.000059. IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. | 6.1 |
2020-06-24 | CVE-2020-4322 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Security Secret Server 10.6/10.7/10.7.000059. IBM Security Secret Server 10.7 could allow a remote attacker to hijack the clicking action of the victim. | 4.3 |
2020-02-19 | CVE-2019-4640 | Origin Validation Error vulnerability in IBM Security Secret Server. IBM Security Secret Server 10.7 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could result in an attacker executing malicious code. | 9.8 |
2020-01-28 | CVE-2019-4639 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Secret Server 10.6/10.7. IBM Security Secret Server 10.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2020-01-28 | CVE-2019-4638 | Reliance on Cookies without Validation and Integrity Checking vulnerability in IBM Security Secret Server 10.6/10.7. IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. | 3.7 |
2020-01-28 | CVE-2019-4637 | Unspecified vulnerability in IBM Security Secret Server 10.6/10.7. IBM Security Secret Server 10.7 uses incomplete blacklisting for input validation, which allows attackers to bypass application controls, resulting in direct impact to the system and data integrity. | 4.3 |