Vulnerabilities > IBM > Security Secret Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-28 | CVE-2019-4636 | Information Exposure Through an Error Message vulnerability in IBM Security Secret Server IBM Security Secret Server 10.7 could disclose sensitive information to an authenticated user from generated error messages. | 4.0 |
| 2020-01-28 | CVE-2019-4635 | Command Injection vulnerability in IBM Security Secret Server 10.7 IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to imporoper input neutralization of special elements. | 4.0 |
| 2020-01-28 | CVE-2019-4633 | Exposure of Resource to Wrong Sphere vulnerability in IBM Security Secret Server IBM Security Secret Server 10.7 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. | 4.3 |
| 2020-01-28 | CVE-2019-4632 | Cross-site Scripting vulnerability in IBM Security Secret Server IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. | 4.3 |
| 2020-01-28 | CVE-2019-4631 | Open Redirect vulnerability in IBM Security Secret Server IBM Security Secret Server 10.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 5.8 |