Vulnerabilities > IBM > Security Secret Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-24 | CVE-2020-4342 | Unspecified vulnerability in IBM Security Secret Server 10.6/10.7/10.7.000059 IBM Security Secret Server 10.7 could disclose sensitive information included in installation files to an unauthorized user. | 5.3 |
| 2020-06-24 | CVE-2020-4341 | Information Exposure Through an Error Message vulnerability in IBM Security Secret Server 10.6/10.7/10.7.000059 IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
| 2020-06-24 | CVE-2020-4327 | Information Exposure Through an Error Message vulnerability in IBM Security Secret Server 10.6/10.7/10.7.000059 IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
| 2020-06-24 | CVE-2020-4323 | Cross-site Scripting vulnerability in IBM Security Secret Server 10.6/10.7/10.7.000059 IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. | 6.1 |
| 2020-06-24 | CVE-2020-4322 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Security Secret Server 10.6/10.7/10.7.000059 IBM Security Secret Server 10.7 could allow a remote attacker to hijack the clicking action of the victim. | 4.3 |
| 2020-01-28 | CVE-2019-4637 | Unspecified vulnerability in IBM Security Secret Server 10.6/10.7 IBM Security Secret Server 10.7 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. | 4.3 |
| 2020-01-28 | CVE-2019-4633 | Exposure of Resource to Wrong Sphere vulnerability in IBM Security Secret Server 10.6/10.7 IBM Security Secret Server 10.7 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. | 4.3 |
| 2020-01-28 | CVE-2019-4632 | Cross-site Scripting vulnerability in IBM Security Secret Server 10.6/10.7 IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. | 6.1 |
| 2020-01-28 | CVE-2019-4631 | Open Redirect vulnerability in IBM Security Secret Server 10.6/10.7 IBM Security Secret Server 10.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 6.1 |