Information disclosure

2021-05-1417:15:00

PRIOn knowledge base

www.prio-n.com

5.4 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.0%

JSON

IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 199235.

CPENameOperatorVersion
cloud_pak_for_securityeq1.4.0.0
cloud_pak_for_securityeq1.5.0.0
cloud_pak_for_securityeq1.5.0.1
cloud_pak_for_securityeq1.6.0.0
cloud_pak_for_securityeq1.6.0.1

Name	Operator	Version
cloud_pak_for_security	eq	1.4.0.0
cloud_pak_for_security	eq	1.5.0.0
cloud_pak_for_security	eq	1.5.0.1
cloud_pak_for_security	eq	1.6.0.0
cloud_pak_for_security	eq	1.6.0.1