CVE-2019-4633
Description
IBM Security Secret Server 10.7 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. IBM X-Force ID: 170007.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Security Secret Server 10.7 has an overly permissive CORS policy that could allow an attacker to obtain sensitive information.
Vulnerability
IBM Security Secret Server 10.7 and all versions have an overly permissive Cross-Origin Resource Sharing (CORS) policy that allows any origin to read sensitive responses from the login page [1].
Exploitation
An attacker can trick a user into visiting a malicious website. That website can then send a cross-origin request to the Secret Server login page and read the response, potentially obtaining sensitive information [1]. No authentication is needed, but user interaction is required.
Impact
An attacker can obtain sensitive information from the login response, which is a low confidentiality impact [1]. There is no integrity or availability impact.
Mitigation
IBM provided a fix: add configuration settings in web-appsettings.config and web.config that specify the allowed origins [1]. Apply the fix from the bulletin; no workarounds are known.
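The difference between the vulnerable policy and the fix comes down to how the server answers the Origin header. The following is an added illustration, not code from IBM or from the CVE record: a small model of a CORS allow-list decision, a simplified browser read check, and an audit routine a defender can run over captured response headers to spot origin reflection. The origin names are constructed, and the actual keys IBM uses in web-appsettings.config and web.config are not on this page, so the allow-list is modelled as a plain Python set.

```python
from typing import Dict, List, Optional, Set

def cors_headers(origin: Optional[str], allowed_origins: Optional[Set[str]]) -> Dict[str, str]:
    """Return the CORS response headers a server would emit for a request Origin.

    allowed_origins=None models the overly permissive policy (reflect any origin);
    a set of origins models an explicit allow-list like the one the fix introduces.
    """
    if origin is None:
        # Same-origin navigation or non-browser client: no CORS headers needed.
        return {}
    if allowed_origins is None:
        # Permissive: whatever site sent the request is told it may read the body.
        return {
            "Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true",
        }
    if origin in allowed_origins:
        # Restricted: only allow-listed origins are echoed back; Vary keeps
        # shared caches from serving one origin's answer to another.
        return {
            "Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin",
        }
    # Unknown origin: no ACAO header, so the browser withholds the response body.
    return {}


def browser_can_read(origin: str, headers: Dict[str, str]) -> bool:
    """Simplified browser rule: a cross-origin script may read the response only
    when Access-Control-Allow-Origin is '*' or exactly matches its own origin."""
    acao = headers.get("Access-Control-Allow-Origin")
    return acao == "*" or acao == origin


def audit_cors(headers: Dict[str, str], probe_origin: str) -> List[str]:
    """Flag permissive CORS behaviour in a captured response to a request that
    carried probe_origin as its Origin header (a constructed, non-allow-listed value)."""
    findings: List[str] = []
    acao = headers.get("Access-Control-Allow-Origin")
    creds = headers.get("Access-Control-Allow-Credentials", "").lower() == "true"
    if acao == probe_origin:
        findings.append("reflects arbitrary Origin")
        if creds:
            findings.append("credentialed response readable from any site")
        if "Vary" not in headers:
            findings.append("missing Vary: Origin on a per-origin response")
    if acao == "null":
        findings.append("allows the null origin")
    return findings


if __name__ == "__main__":
    probe = "https://untrusted.example"        # constructed origin of a third-party page
    allow = {"https://portal.example"}          # constructed allow-list for the fixed config
    print("vulnerable:", audit_cors(cors_headers(probe, None), probe))
    print("fixed:     ", audit_cors(cors_headers(probe, allow), probe))
```

Running the module prints a non-empty findings list for the permissive policy and an empty one for the allow-listed configuration; the same `audit_cors` check applies to real response headers captured from a test request made to a server you administer.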
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: = 10.7
- IBM / Security Secret Server (range: 10.7)
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- [1] exchange.xforce.ibmcloud.com/vulnerabilities/170007 (MITRE, x_refsource_XF)
- www.ibm.com/support/pages/node/1283200 (MITRE, x_refsource_CONFIRM)
News mentions
No linked articles in our index yet.