Information Disclosure in IBM Security Secret Server by IBM
CVE-2020-4843

6.3MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
21 December 2020

Summary

IBM Security Secret Server 10.6 has a vulnerability where potentially sensitive information is stored in configuration files. These files can be accessed by authenticated users, which raises significant privacy and security concerns. Proper management of configuration settings is essential to prevent unauthorized access to sensitive data.

Affected Version(s)

Security Secret Server 10.6

References

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.