CVE-2019-4639

Vulnerability

IBM Security Secret Server version 10.7 uses weaker than expected cryptographic algorithms, as described in the security bulletin [1]. This vulnerability affects all versions of IBM Security Secret Server 10.7. The weak cryptography could allow an attacker to decrypt highly sensitive information that is protected by the server.

Exploitation

An unauthenticated attacker with network access to the affected server can exploit the weak cryptographic algorithms. The attack complexity is high (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N), meaning that successful exploitation requires specific conditions or additional effort. No user interaction or privileges are required.

Impact

Successful exploitation leads to the disclosure of highly sensitive information. The confidentiality impact is high, while integrity and availability are not affected. An attacker can decrypt data that was intended to be securely stored or transmitted.

Mitigation

IBM released a fix in version 10.7.000059 to address this vulnerability. Users should upgrade to this version or later. No workarounds or mitigations are available. The bulletin was published on 08 January 2020.