Description
IBM Security Identity Governance and Intelligence Virtual Appliance 5.2 through 5.2.3.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 127341.
CVSS breakdown
CVSS 3.0
Availability
None
Attack Complexity
High
Attack Vector
Network
Confidentiality
High
Integrity
None
Privileges Required
None
Scope
Unchanged
User Interaction
None
E
Unchanged
RC
Changed
RL
O
Affected products
- ibm / Security Identity Governance and Intelligence5.2 – 5.2
- ibm / Security Identity Governance and Intelligence5.2.1 – 5.2.1
- ibm / Security Identity Governance and Intelligence5.2.2 – 5.2.2
- ibm / Security Identity Governance and Intelligence5.2.2.1 – 5.2.2.1
- ibm / Security Identity Governance and Intelligence5.2.3 – 5.2.3
- ibm / Security Identity Governance and Intelligence5.2.3.1 – 5.2.3.1
- ibm / Security Identity Governance and Intelligence5.2.3.2 – 5.2.3.2