CVE-2020-4840

EPSS 0.24% · P47 Updated Feb 24, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-4840

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

IBM Security Secret Server 10.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 190044.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

IBM Security Secret Server 输入验证错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

IBM Security Secret Server是美国IBM公司的一套特权访问管理解决方案。该产品支持密码管理、特权账号识别和特权会话访问监控记录等功能。 IBM Security Secret Server 10.6 版本存在安全漏洞，该漏洞允许远程攻击者可利用该漏洞使用开放重定向攻击进行钓鱼攻击。通过说服受害者访问一个特别设计的网站，远程攻击者可利用该漏洞可以利用此漏洞欺骗显示的URL，将用户重定向到看似可信的恶意网站。这可能使攻击者可利用该漏洞获得高度敏感的信息或对受害者进行进一步的攻击。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
IBM	Security Secret Server	10.6	-

II. Public POCs for CVE-2020-4840

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2020-4840

请登录查看更多情报信息。

https://www.ibm.com/support/pages/node/6336251x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/190044vdb-entryx_refsource_XF
https://nvd.nist.gov/vuln/detail/CVE-2020-4840

Same Patch Batch · IBM · 2020-12-21 · 8 CVEs total

CVE-2020-4843		IBM Security Secret Server 信息泄露漏洞
CVE-2020-4841		IBM Security Secret Server 信息泄露漏洞
CVE-2020-4842		IBM Security Secret Server 信息泄露漏洞
CVE-2020-4870		IBM MQ 安全漏洞
CVE-2020-4794		IBM多款产品授权问题漏洞
CVE-2020-4757		IBM Content Navigator和IBM FileNet Content Manager 跨站脚本漏洞
CVE-2020-4555		IBM Financial Transaction Manager 授权问题漏洞

IV. Related Vulnerabilities

Same product: Security Secret Server

Same vendor: IBM

V. Comments for CVE-2020-4840

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2020-4840

I. Basic Information for CVE-2020-4840

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2020-4840

III. Intelligence Information for CVE-2020-4840

Same Patch Batch · IBM · 2020-12-21 · 8 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2020-4840

Leave a comment