
IBM Security Secret Server vulnerabilities

25 known vulnerabilities affecting ibm/security_secret_server.

Total CVEs: 25
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 19, LOW 3

Vulnerabilities

Page 2 of 2
CVE-2019-4631 | MEDIUM | CVSS 6.1 | fixed in 10.7.000059 | v10.7 | 2020-01-28
CWE-601: IBM Security Secret Server 10.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow
Source: nvd
CVE-2019-4633 | MEDIUM | CVSS 4.3 | fixed in 10.7.000059 | v10.7 | 2020-01-28
CWE-668: IBM Security Secret Server 10.7 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. IBM X-Force ID: 170007.
Source: nvd
CVE-2019-4636 | LOW | CVSS 2.7 | fixed in 10.7.000059 | v10.7 | 2020-01-28
CWE-209: IBM Security Secret Server 10.7 could disclose sensitive information to an authenticated user from generated error messages. IBM X-Force ID: 170013.
Source: nvd
CVE-2019-4638 | LOW | CVSS 3.7 | fixed in 10.7.000059 | v10.7 | 2020-01-28
CWE-565: IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 170044.
Source: nvd
CVE-2019-4635 | LOW | CVSS 2.7 | fixed in 10.7.000059 | v10.7 | 2020-01-28
CWE-77: IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to improper input neutralization of special elements. IBM X-Force ID: 170011.
Source: nvd