Vulnerabilities > IBM > Security Secret Server > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-09-14 CVE-2021-20508 Information Exposure Through an Error Message vulnerability in IBM Security Secret Server
IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
4.3
2021-09-14 CVE-2021-20569 Improper Input Validation vulnerability in IBM Security Secret Server
IBM Security Secret Server up to 11.0 could allow an attacker to enumerate usernames due to improper input validation.
network
low complexity
ibm CWE-20
5.3
2021-09-14 CVE-2021-20582 Information Exposure vulnerability in IBM Security Secret Server
IBM Security Secret Server up to 11.0 stores sensitive information in URL parameters.
network
low complexity
ibm CWE-200
5.3
2020-12-21 CVE-2020-4843 Cleartext Storage of Sensitive Information vulnerability in IBM Security Secret Server 10.6
IBM Security Secret Server 10.6 stores potentially sensitive information in config files that could be read by an authenticated user.
network
low complexity
ibm CWE-312
4.3
2020-12-21 CVE-2020-4842 Information Exposure Through an Error Message vulnerability in IBM Security Secret Server 10.6
IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
4.9
2020-12-21 CVE-2020-4841 Missing Authorization vulnerability in IBM Security Secret Server 10.6
IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-862
5.9
2020-12-21 CVE-2020-4840 Open Redirect vulnerability in IBM Security Secret Server 10.6
IBM Security Secret Server 10.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
network
low complexity
ibm CWE-601
6.1
2020-09-23 CVE-2020-4340 Improper Certificate Validation vulnerability in IBM Security Secret Server
IBM Security Secret Server prior to 10.9 could allow an attacker to bypass SSL security due to improper certificate validation.
network
low complexity
ibm CWE-295
4.3
2020-09-23 CVE-2020-4324 Improper Input Validation vulnerability in IBM Security Secret Server
IBM Security Secret Server prior to 10.9 could allow a remote attacker to bypass security restrictions, caused by improper input validation.
network
low complexity
ibm CWE-20
4.3
2020-06-24 CVE-2020-4413 Missing Authorization vulnerability in IBM Security Secret Server 10.6/10.7/10.7.000059
IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-862
5.9