Input Validation Flaw in IBM Security Secret Server
CVE-2019-4637

4.3MEDIUM

Key Information:

Vendor: IBM
Status: Security Secret Server
Vendor: CVE Published:; 28 January 2020

What is CVE-2019-4637?

IBM Security Secret Server 10.7 suffers from an input validation vulnerability due to incomplete blacklisting, which can lead attackers to circumvent application controls. This flaw undermines the integrity of the system and data, potentially affecting sensitive information stored within the application. Organizations using this version may be at risk of unauthorized access and manipulation of data, highlighting the importance of utilizing secure validation methods to protect sensitive data.

Affected Version(s)

Security Secret Server 10.7

References

https://www.ibm.com/support/pages/node/1283242

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/170043

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 28, 2020
Vulnerability Reserved
Jan 3, 2019