ReportizFlow
Filtered by vendor Ibm
Subscriptions
Filtered by product Security Secret Server
Subscriptions
Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-4636 | 1 Ibm | 1 Security Secret Server | 2024-11-21 | 2.7 Low |
| IBM Security Secret Server 10.7 could disclose sensitive information to an authenticated user from generated error messages. IBM X-Force ID: 170013. | ||||
| CVE-2019-4635 | 1 Ibm | 1 Security Secret Server | 2024-11-21 | 2.7 Low |
| IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to imporoper input neutralization of special elements. IBM X-Force ID: 170011. | ||||
| CVE-2019-4633 | 1 Ibm | 1 Security Secret Server | 2024-11-21 | 4.3 Medium |
| IBM Security Secret Server 10.7 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. IBM X-Force ID: 170007. | ||||
| CVE-2019-4632 | 1 Ibm | 1 Security Secret Server | 2024-11-21 | 6.1 Medium |
| IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170004. | ||||
| CVE-2019-4631 | 1 Ibm | 1 Security Secret Server | 2024-11-21 | 6.1 Medium |
| IBM Security Secret Server 10.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 170001. | ||||