2 matches found
Security Bulletin: Cross-site scripting and failure to enforce HTTP Strict Transport Security vulnerabilities in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4137, CVE-2019-4138)
Summary IBM Spectrum Control formerly Tivoli Storage Productivity Center is vulnerable to cross-site scripting and failure to enforce HTTP Strict Transport Security. Vulnerability Details CVEID: CVE-2019-4137 DESCRIPTION: IBM Tivoli Storage Productivity Center is vulnerable to cross-site scriptin...
CVE-2019-4138
IBM Spectrum Control (formerly Tivoli Storage Productivity Center) is affected by CVE-2019-4138. Versions 5.2.13–5.2.17.2 and 5.3.0–5.3.2 are vulnerable to information disclosure due to failure to properly enable HTTP Strict Transport Security, allowing a remote attacker to obtain sensitive infor...