IBM Security Secret Server vulnerabilities
25 known vulnerabilities affecting ibm/security_secret_server.
Total CVEs: 25
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 2, HIGH: 1, MEDIUM: 19, LOW: 3
Vulnerabilities
Page 2 of 2
CVE-2019-4632 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 10.7.000059 | v10.7 | 2020-01-28
IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170004.
Sources: cvelistv5, nvd
CVE-2019-4633 | MEDIUM | CVSS 4.3 | CWE-668 | fixed in 10.7.000059 | v10.7 | 2020-01-28
IBM Security Secret Server 10.7 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. IBM X-Force ID: 170007.
Sources: cvelistv5, nvd
CVE-2019-4636 | LOW | CVSS 2.7 | CWE-209 | fixed in 10.7.000059 | v10.7 | 2020-01-28
IBM Security Secret Server 10.7 could disclose sensitive information to an authenticated user from generated error messages. IBM X-Force ID: 170013.
Sources: cvelistv5, nvd
CVE-2019-4635 | LOW | CVSS 2.7 | CWE-77 | fixed in 10.7.000059 | v10.7 | 2020-01-28
IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to improper input neutralization of special elements. IBM X-Force ID: 170011.
Sources: cvelistv5, nvd
CVE-2019-4638 | LOW | CVSS 3.7 | CWE-565 | fixed in 10.7.000059 | v10.7 | 2020-01-28
IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 170044.
Sources: cvelistv5, nvd