Information Disclosure in IBM Security Secret Server by Storing Sensitive Data in URL Parameters
CVE-2021-20582

3.7LOW

Key Information:

Vendor: IBM
Status: Security Secret Server
Vendor: CVE Published:; 14 September 2021

Summary

IBM Security Secret Server, up to version 11.0, potentially exposes sensitive information through URL parameters. If unauthorized parties gain access to these URLs—via server logs, referrer headers, or browser history—they could exploit this weakness, leading to unintentional data leakage. Addressing this issue is critical to maintaining confidentiality and integrity for users relying on this system.

Affected Version(s)

Security Secret Server 10.0

References

https://www.ibm.com/support/pages/node/6488459

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/199328

vdb-entryx_refsource_XF

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 14, 2021
Vulnerability Reserved
Dec 17, 2020