2 matches found
Security Bulletin: IBM Security Verify Information Queue does not always enable HTTP Strict Transport Security when sending error responses (CVE-2021-20409)
Summary The web server in IBM Security Verify Information Queue ISIQ does not add the HTTP Strict Transport Security header in its internally generated error responses. Consequently, a remote attacker could obtain sensitive information from an insecure HTTP connection. As of v10.0.0, ISIQ is...
CVE-2021-20409
IBM Security Verify Information Queue versions 1.0.6 and 1.0.7 are affected by CVE-2021-20409 due to failure to properly enable HTTP Strict Transport Security (HSTS) in internally generated error responses. This can allow a remote attacker to obtain sensitive information via man-in-the-middle tec...