Information Disclosure in IBM Security Secret Server by IBM
CVE-2020-4843

6.3MEDIUM

Key Information:

Vendor: IBM
Status: Security Secret Server
Vendor: CVE Published:; 21 December 2020

What is CVE-2020-4843?

IBM Security Secret Server 10.6 has a vulnerability where potentially sensitive information is stored in configuration files. These files can be accessed by authenticated users, which raises significant privacy and security concerns. Proper management of configuration settings is essential to prevent unauthorized access to sensitive data.

Affected Version(s)

Security Secret Server 10.6

References

https://www.ibm.com/support/pages/node/6250375

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/190048

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 21, 2020
Vulnerability Reserved
Dec 30, 2019