2 matches found
CVE-2018-1546
IBM API Connect versions 5.0.0.0–5.0.8.3 are affected by CVE-2018-1546 due to failure to properly enable HTTP Strict Transport Security. This can lead to information disclosure via a man-in-the-middle. CVSS v3 base score is 5.9 (Network, High attack complexity, Privileges NONE, User interaction N...
Security Bulletin: IBM API Connect is affected by a Missing HTTP Strict Transport Security vulnerability (CVE-2018-1546)
Summary IBM API Connect has addressed the following vulnerability. IBM API Connect could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information...