Security Bulletin: IBM Security Information Queue does not prevent caching of sensitive pages

Summary IBM Security Information Queue ISIQ allows web pages containing sensitive content to be cached by a browser and thus become vulnerable to attackers or malware. As of v1.0.3, the ISIQ web server instructs the browser to not cache the content. Vulnerability Details CVEID: CVE-2019-4218...

Security Bulletin: IBM Security Information Queue web application is vulnerable to clickjacking attack

Summary The IBM Security Information Queue ISIQ web application is vulnerable to a clickjacking attack in which an untrusted page could get embedded into another frame or object. As of v1.0.3, the ISIQ web server disallows browsers from embedding content. Vulnerability Details CVEID: CVE-2019-421...

Security Bulletin: IBM Security Information Queue discloses internal data left over from the product development phases

Summary The initial versions of IBM Security Information Queue ISIQ disclose internal data left over from the product development and Beta phases. In most cases, the data is specific to ISIQ's development environment and not useful to an attacker. Some of it, however, such as ISIQ's exact HTTP...