CVE-2019-4632
Description
IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170004.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Security Secret Server 10.7 is vulnerable to cross-site scripting (XSS) allowing arbitrary JavaScript execution, potentially leading to credential disclosure.
Vulnerability
IBM Security Secret Server version 10.7 (and possibly earlier) is affected by a cross-site scripting (XSS) vulnerability in the Web UI. An attacker can inject arbitrary JavaScript code into the interface, which is then executed in the context of the victim's session [1].
Exploitation
An attacker can inject malicious JavaScript via input fields or other means, such as by crafting a link or storing code in a publicly viewable area. The victim must be logged into the affected application and interact with the crafted content (e.g., click a link or view a page). No authentication is required to inject the code, but the victim must be authenticated for the attack to succeed [1].
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the victim's session, potentially capturing credentials or other sensitive data displayed in the Web UI. The impact is limited to the scope of the victim's session, with no effect on availability [1].
Mitigation
IBM released fixpack 10.7.000059 to address this vulnerability. Users should upgrade to this version or later. No workarounds are available [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: = 10.7
- IBM/Security Secret Server (v5), Range: 10.7
Patches
No patches discovered yet.
References
- exchange.xforce.ibmcloud.com/vulnerabilities/170004 (mitre, vdb-entry, x_refsource_XF)
- www.ibm.com/support/pages/node/1283254 (mitre, x_refsource_CONFIRM)