Vulnerabilities > IBM > Security Secret Server > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-28 | CVE-2019-4635 | Command Injection vulnerability in IBM Security Secret Server 10.6/10.7 IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to imporoper input neutralization of special elements. | 2.7 |
| 2020-01-28 | CVE-2019-4636 | Information Exposure Through an Error Message vulnerability in IBM Security Secret Server 10.6/10.7 IBM Security Secret Server 10.7 could disclose sensitive information to an authenticated user from generated error messages. | 2.7 |
| 2020-01-28 | CVE-2019-4638 | Reliance on Cookies without Validation and Integrity Checking vulnerability in IBM Security Secret Server 10.6/10.7 IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. | 3.7 |