Medium Severity

Security Bulletin: Information Exposure vulnerability found on IBM Security Secret Server (CVE-2019-4634)


This security bulletin addresses potential information leaks, minor yet significant, from the IBM Security Secret Server web server.
IBM Security Secret Server may unintentionally disclose information about its underlying technologies through headers, error messages, version numbers, or other identifying information. An attacker can use that information to research vulnerabilities in those technologies and then attack the application to breach the system.
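
To check your own deployment for this class of disclosure, the following added example (not code from IBM or from the bulletin) audits a captured HTTP response for banner headers and error-page detail. The header list, body patterns and both sample responses are assumptions constructed for illustration; the bulletin does not name specific headers.

```python
import re

# Headers that commonly carry product or version banners.
# Assumed list, not taken from the IBM bulletin.
BANNER_HEADERS = {"server", "x-powered-by", "x-aspnet-version",
                  "x-aspnetmvc-version", "x-generator"}
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")
# Body fragments typical of verbose error pages (assumed patterns).
ERROR_PATTERNS = [
    re.compile(r"stack trace", re.I),
    re.compile(r"\bat [\w.$]+\([\w.]+:\d+\)"),  # Java-style stack frame
]

def parse_response(raw):
    """Split a raw HTTP response into status line, header pairs and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return lines[0], headers, body

def audit_response(raw):
    """Return (location, kind, evidence) tuples for each disclosure found."""
    findings = []
    _, headers, body = parse_response(raw)
    for name, value in headers:
        if name.lower() in BANNER_HEADERS:
            kind = "version" if VERSION_RE.search(value) else "product"
            findings.append((f"header:{name}", kind, value))
    for pattern in ERROR_PATTERNS:
        match = pattern.search(body)
        if match:
            findings.append(("body", "error-detail", match.group(0)))
    return findings

# Constructed sample: banner headers plus a stack trace in the error page.
SAMPLE_LEAKY = ("HTTP/1.1 500 Internal Server Error\r\n"
                "Server: ExampleHTTPd/2.4.1\r\n"
                "X-Powered-By: ExampleFramework\r\n"
                "Content-Type: text/html\r\n\r\n"
                "<h1>Server Error</h1><pre>Stack trace:\n"
                " at com.example.App.handle(App.java:42)</pre>")
# Constructed sample: banners removed, generic error page with a reference id.
SAMPLE_HARDENED = ("HTTP/1.1 500 Internal Server Error\r\n"
                   "Content-Type: text/html\r\n\r\n"
                   "<h1>Something went wrong</h1><p>Reference: 7f3a</p>")

if __name__ == "__main__":
    for finding in audit_response(SAMPLE_LEAKY):
        print(finding)
```

Run it against responses captured from both normal and error paths, since error pages often disclose more than the headers do.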

Affected Products and Versions

IBM Security Secret Server, All Versions

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/1099773