VYPR

Server Security

by F-Secure

CVEs (31)

  • CVE-2020-26155 | Mar 18, 2021
    risk 0.00 | cvss | epss 0.00

    Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0 are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-administrator users. Additionally, entries are made to the PATH environment variable…

  • CVE-2020-4842 | Dec 21, 2020
    risk 0.00 | cvss | epss 0.01

    IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190046.

  • CVE-2020-4841 | Dec 21, 2020
    risk 0.00 | cvss | epss 0.01

    IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle…

  • CVE-2020-4607 | Sep 29, 2020
    risk 0.00 | cvss | epss 0.00

    IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884.

  • CVE-2020-4340 | Sep 23, 2020
    risk 0.00 | cvss | epss 0.01

    IBM Security Secret Server prior to 10.9 could allow an attacker to bypass SSL security due to improper certificate validation. IBM X-Force ID: 178180.

  • CVE-2020-4413 | Jun 24, 2020
    risk 0.00 | cvss | epss 0.01

    IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle…

  • CVE-2020-4323 | Jun 24, 2020
    risk 0.00 | cvss | epss 0.01

    IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force…

  • CVE-2019-4640 | Feb 19, 2020
    risk 0.00 | cvss | epss 0.01

    IBM Security Secret Server 10.7 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code which could result in an attacker executing malicious code. IBM X-Force ID: 170046.

  • CVE-2019-4638 | Jan 28, 2020
    risk 0.00 | cvss | epss 0.01

    IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 170044.

  • CVE-2019-4637 | Jan 28, 2020
    risk 0.00 | cvss | epss 0.01

    IBM Security Secret Server 10.7 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 170043.

  • CVE-2013-7369 | Apr 18, 2014
    risk 0.00 | cvss | epss 0.01

    SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control in F-Secure Anti-Virus for Microsoft Exchange Server before HF02, Anti-Virus for Windows Servers 9.00 before HF09, Anti-Virus for Citrix Servers 9.00 before HF09, and F-Secure Email and Server…
