CVE-2019-4635
Description
IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to improper input neutralization of special elements. IBM X-Force ID: 170011.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Security Secret Server 10.7 allows privileged users to inject commands due to improper input neutralization, enabling unauthorized command execution.
Vulnerability
IBM Security Secret Server version 10.7 (and all prior versions) contains a command injection vulnerability in its input handling. The software fails to properly neutralize special elements, allowing a privileged user to inject arbitrary commands. The affected product is IBM Security Secret Server, all versions prior to the fixpack release 10.7.000059 [1].
Exploitation
An attacker must possess high privileges (e.g., administrator or equivalent) to exploit this vulnerability. The attack vector is network-based (CVSS:3.0/AV:N) and requires no user interaction. The attacker sends specially crafted input that is not sanitized, leading to command injection with low complexity [1].
Impact
Successful exploitation results in the attacker executing arbitrary commands on the server, affecting integrity (low impact) but not confidentiality or availability according to the CVSS vector [1]. The attacker can perform unauthorized actions at the privilege level already held.
Mitigation
IBM released fixpack version 10.7.000059 to remediate this vulnerability. Users should upgrade to this version or later. No workarounds or mitigations are available [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: 10.7
- IBM/Security Secret Server, v5, Range: 10.7
Patches
No patches discovered yet.
References
- exchange.xforce.ibmcloud.com/vulnerabilities/170011 (mitre, vdb-entry, x_refsource_XF)
- www.ibm.com/support/pages/node/1283212 (mitre, x_refsource_CONFIRM)