Description
IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 128610.
CVSS breakdown
CVSS 3.0
- Availability: None
- Attack Complexity: High
- Attack Vector: Network
- Confidentiality: High
- Integrity: None
- Privileges Required: None
- Scope: Unchanged
- User Interaction: None
- E: Unchanged
- RC: Changed
- RL: O
Affected products
- ibm / Security Access Manager 9.0.0.1 – 9.0.0.1
- ibm / Security Access Manager 7.0.0 – 7.0.0
- ibm / Security Access Manager 8.0.0 – 8.0.0
- ibm / Security Access Manager 8.0.0.1 – 8.0.0.1
- ibm / Security Access Manager 8.0.0.2 – 8.0.0.2
- ibm / Security Access Manager 8.0.0.3 – 8.0.0.3
- ibm / Security Access Manager 8.0.0.4 – 8.0.0.4
- ibm / Security Access Manager 8.0.0.5 – 8.0.0.5
- ibm / Security Access Manager 8.0.1 – 8.0.1
- ibm / Security Access Manager 8.0.1.2 – 8.0.1.2
- ibm / Security Access Manager 8.0.1.3 – 8.0.1.3
- ibm / Security Access Manager 8.0.1.4 – 8.0.1.4
- ibm / Security Access Manager 9.0.0 – 9.0.0
- ibm / Security Access Manager 9.0.1.0 – 9.0.1.0
- ibm / Security Access Manager 9.0.2.0 – 9.0.2.0
- ibm / Security Access Manager 8.0.1.5 – 8.0.1.5
- ibm / Security Access Manager 9.0.2.1 – 9.0.2.1
- ibm / Security Access Manager 9.0.3 – 9.0.3
- ibm / Security Access Manager 9.0.3.1 – 9.0.3.1
- ibm / Security Access Manager 8.0.1.6 – 8.0.1.6