Lucene search
IBM6A13E61FCD573CC56A336173FDC90D6FBE2ED163E109B91EDCFA9FEE82AE5FE1HistoryJul 24, 2020 - 9:16 p.m.
Security Bulletin: CVE-2019-4667 Lack of Built in HSTS option
2020-07-2421:16:35
www.ibm.com
5
0.002 Low
EPSS
Percentile
64.6%
Summary
Lack of Built in HSTS option in IBM Urbancode Deploy (UCD)
Vulnerability Details
CVEID:CVE-2019-4667
**DESCRIPTION:**IBM UrbanCode Deploy (UCD) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171249 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| UCD - IBM UrbanCode Deploy | All |
Remediation/Fixes
Upgrade to 7.0.5.2 or later, consult release notes.
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm urbancode deploy | eq | 7.0.5.2 |
Related
nvd
nvd
CVE-2019-4667
2020-05-11 18:15:11
cvelist
cvelist
CVE-2019-4667
2020-05-08 00:00:00
cve
cve
CVE-2019-4667
2020-05-11 18:15:11
prion
prion
Information disclosure
2020-05-11 18:15:00
0.002 Low
EPSS
Percentile
64.6%
Related for 6A13E61FCD573CC56A336173FDC90D6FBE2ED163E109B91EDCFA9FEE82AE5FE1