Lucene search

[email protected]CVE-2021-39090

HistoryFeb 29, 2024 - 3:15 a.m.

CVE-2021-39090

2024-02-2903:15:00

CWE-311

[email protected]

web.nvd.nist.gov

ibm

cloud pak

security

cp4s

remote attack

sensitive information

cve-2021-39090

ibm x-force id

nvd

5.9 Medium

CVSS3

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

8.7%

JSON

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 216388.

VendorProductVersionCPE
ibmcloud_pak_for_security*cpe:2.3:a:ibm:cloud_pak_for_security:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	cloud_pak_for_security	*	cpe:2.3:a:ibm:cloud_pak_for_security::::::::

References

exchange.xforce.ibmcloud.com/vulnerabilities/216388

www.ibm.com/support/pages/node/6856407