CVE-2020-4840
Description
IBM Security Secret Server 10.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 190044.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Security Secret Server 10.6 contains an open redirect vulnerability that could allow a remote attacker to conduct phishing attacks via specially crafted URLs.
Vulnerability
IBM Security Secret Server version 10.6 is vulnerable to an open redirect attack. By crafting a URL that appears to be from the trusted domain but redirects to a malicious site, an unauthenticated remote attacker can exploit this flaw. The vulnerability exists due to improper validation of user-supplied input in URL redirectors.
Exploitation
An attacker can exploit this vulnerability by creating a specially crafted web link and persuading a victim to click on it. The attacker does not require authentication or any special network position. The victim must be convinced to visit the crafted URL, enabling the open redirect.
Impact
Successful exploitation allows the attacker to redirect the victim to a malicious website that appears to be trusted. This can lead to phishing attacks, where the attacker obtains highly sensitive information (e.g., credentials) or conducts further attacks against the victim.
Mitigation
IBM has addressed this vulnerability in version 10.8 of IBM Security Secret Server [1]. Users should upgrade to version 10.8 or later. No workaround is available. If unable to upgrade, consider implementing URL validation and user awareness training as interim measures.
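The interim measure above, "URL validation", is the core fix class for an open redirect: the application must never follow a user-supplied redirect parameter that can leave its own origin. The following is an added illustration written for this page, not code from IBM Secret Server or from the vendor fix; the hostname `secrets.example.com`, the allowlist and the helper name `safe_redirect_target` are assumptions, and the rejected inputs are constructed test strings.

```python
from urllib.parse import urlsplit, urljoin

# Hosts this application may redirect to. Constructed example allowlist;
# a deployment would list its own hostnames here.
ALLOWED_HOSTS = {"secrets.example.com"}
DEFAULT_TARGET = "/"


def safe_redirect_target(candidate: str,
                         base: str = "https://secrets.example.com/") -> str:
    """Return a redirect target that stays on an allowed host.

    Accepts only site-relative paths (single leading "/") or https URLs whose
    host is in ALLOWED_HOSTS. Anything else, including protocol-relative
    "//host" values, non-https schemes, userinfo tricks and backslash
    variants, falls back to DEFAULT_TARGET instead of being followed.
    """
    if not candidate:
        return DEFAULT_TARGET

    # Browsers treat "\" like "/" in URLs, so "/\evil.example" would otherwise
    # parse here as a harmless relative path but be followed off-site.
    cleaned = candidate.strip().replace("\\", "/")

    # Embedded control characters are never legitimate in a redirect target.
    if any(ord(ch) < 0x20 for ch in cleaned):
        return DEFAULT_TARGET

    parts = urlsplit(cleaned)

    # Only https is acceptable as an explicit scheme (blocks javascript:,
    # data:, http: and anything else).
    if parts.scheme and parts.scheme.lower() != "https":
        return DEFAULT_TARGET

    if parts.netloc:
        # Absolute or protocol-relative URL: the parsed host (not the raw
        # netloc, which may carry "user@" prefixes) must be allowlisted.
        host = (parts.hostname or "").lower()
        if host not in ALLOWED_HOSTS or parts.username or parts.password:
            return DEFAULT_TARGET
        # urljoin turns a protocol-relative "//host/path" into https://host/path
        return urljoin(base, cleaned)

    # No host component: require a site-relative path with exactly one
    # leading slash ("//" would be protocol-relative).
    if not parts.path.startswith("/") or parts.path.startswith("//"):
        return DEFAULT_TARGET
    return urljoin(base, cleaned)


if __name__ == "__main__":
    # Constructed sample values: one legitimate target and several shapes a
    # validator must refuse. All non-allowlisted cases collapse to "/".
    for value in ["/dashboard",
                  "//evil.example/login",
                  "https://evil.example/",
                  "/\\evil.example",
                  "https://secrets.example.com@evil.example/",
                  "javascript:alert(1)"]:
        print(repr(value), "->", safe_redirect_target(value))
```

The design choice worth noting is the fallback: an invalid target is replaced by a fixed in-application page rather than rejected with an error, so a phishing link built around the parameter simply lands the user on the real application's own landing page. Comparing the parsed `hostname` rather than the raw string also closes the `trusted@attacker` and mixed-case host variants that naive prefix checks miss.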
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: =10.6
- IBM / Security Secret Server, range: 10.6
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- exchange.xforce.ibmcloud.com/vulnerabilities/190044 (MITRE, vdb-entry, x_refsource_XF)
- www.ibm.com/support/pages/node/6336251 (MITRE, x_refsource_CONFIRM)
News mentions
No linked articles in our index yet.