Unrated severity · NVD Advisory · Published Dec 21, 2020 · Updated Sep 16, 2024

CVE-2020-4843

Description

IBM Security Secret Server 10.6 stores potentially sensitive information in config files that could be read by an authenticated user. IBM X-Force ID: 190048.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2020-4843: IBM Security Secret Server 10.6 stores sensitive information in config files readable by authenticated users, fixed in version 10.8.

Vulnerability

IBM Security Secret Server 10.6 stores potentially sensitive information in configuration files that could be read by an authenticated user [1]. The vulnerability affects all versions of the product [1]. The fix is included in version 10.8 [1].

Exploitation

An attacker must be an authenticated user of the affected system [1]. No special privileges beyond authentication are required to read the configuration files that contain sensitive information. The attack vector is network, so the flaw is reachable remotely, but attack complexity is high [1].

Impact

Successful exploitation leads to exposure of sensitive information stored in configuration files [1]. The confidentiality impact is high, with no impact on integrity or availability. The CVSS v3.0 base score is 6.3, with a vector of (AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N) [1].

Mitigation

IBM has addressed this vulnerability by releasing IBM Security Secret Server version 10.8 [1]. Users should upgrade to version 10.8 following the instructions in the vendor advisory [1]. No workarounds or mitigations are available [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

2