CVE-2019-4631
Description
IBM Security Secret Server 10.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 170001.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Security Secret Server 10.7 contains an open redirect vulnerability that could allow a remote attacker to conduct phishing attacks by spoofing a trusted URL.
Vulnerability
IBM Security Secret Server 10.7 (all versions prior to fixpack 10.7.000059) contains an open redirect vulnerability. An attacker can craft a URL that, when visited by a victim, redirects them to an arbitrary external site. The vulnerability exists in the web application's handling of redirect parameters. [1]
Exploitation
An attacker can exploit this vulnerability by sending a phishing link to a victim, persuading them to click on it. No authentication is required, and the attack is performed remotely over the network. The victim must interact by clicking the link. The attacker can spoof the URL displayed to appear as a trusted IBM Security Secret Server domain, but the actual redirect goes to a malicious site. [1]
Impact
Successful exploitation allows the attacker to redirect users to a malicious website that appears trusted. This can lead to the disclosure of sensitive information or further attacks against the victim, such as credential theft or malware installation. The CVSS score is 7.4 (High) with integrity impact high, scope changed, and no confidentiality or availability impact. [1]
Mitigation
IBM released fixpack 10.7.000059 to address this vulnerability. Users should upgrade to this version or later. No workarounds are available. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities catalog as of the publication date. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: 10.7
- IBM / Security Secret Server: 10.7
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- [1] IBM X-Force Exchange, vulnerability 170001: exchange.xforce.ibmcloud.com/vulnerabilities/170001
- IBM Support, security bulletin (vendor confirmation): www.ibm.com/support/pages/node/1283224
News mentions
No linked articles in our index yet.