Server Security
by F-Secure
CVEs (31)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-26155 | | | 0.00 | — | 0.00 | | Mar 18, 2021 | Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0. are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-administrator users. Additionally, entries are made to the PATH environment variable… |
| CVE-2020-4842 | | | 0.00 | — | 0.01 | | Dec 21, 2020 | IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190046. |
| CVE-2020-4841 | | | 0.00 | — | 0.01 | | Dec 21, 2020 | IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle… |
| CVE-2020-4607 | | | 0.00 | — | 0.00 | | Sep 29, 2020 | IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884. |
| CVE-2020-4340 | | | 0.00 | — | 0.01 | | Sep 23, 2020 | IBM Security Secret Server prior to 10.9 could allow an attacker to bypass SSL security due to improper certificate validation. IBM X-Force ID: 178180. |
| CVE-2020-4413 | | | 0.00 | — | 0.01 | | Jun 24, 2020 | IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle… |
| CVE-2020-4323 | | | 0.00 | — | 0.01 | | Jun 24, 2020 | IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force… |
| CVE-2019-4640 | | | 0.00 | — | 0.01 | | Feb 19, 2020 | IBM Security Secret Server 10.7 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code which could result in an attacker executing malicious code. IBM X-Force ID: 170046. |
| CVE-2019-4638 | | | 0.00 | — | 0.01 | | Jan 28, 2020 | IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 170044. |
| CVE-2019-4637 | | | 0.00 | — | 0.01 | | Jan 28, 2020 | IBM Security Secret Server 10.7 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 170043. |
| CVE-2013-7369 | | | 0.00 | — | 0.01 | | Apr 18, 2014 | SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control in F-Secure Anti-Virus for Microsoft Exchange Server before HF02, Anti-Virus for Windows Servers 9.00 before HF09, Anti-Virus for Citrix Servers 9.00 before HF09, and F-Secure Email and Server… |
Page 2 of 2