13 matches found
CVE-2019-4161
CVE-2019-4161 affects IBM Security Information Queue (ISIQ) versions 1.0.0–1.0.2. The issue discloses internal data left over from development/beta phases to unauthorized users, enabling potential follow-on attacks. IBM’s bulletin confirms a fix in 1.0.3 and later; upgrade to 1.0.3+ or apply the ...
CVE-2019-4162
IBM Security Information Queue (ISIQ) versions 1.0.0–1.0.2 are affected by missing HTTP Strict Transport Security (HSTS) headers, enabling potential exposure where users may navigate to an unencrypted version of the web app or accept invalid TLS certificates. The issue stems from ISIQ not enforci...
CVE-2019-4217
IBM Security Information Queue (ISIQ) vulnerable in versions 1.0.0–1.0.2 to a remote clickjacking attack: a malicious site can cause a victim’s clicking actions to be hijacked. The issue is fixed in ISIQ 1.0.3, where the web server disallows framing content. Remediation: upgrade to 1.0.3 or later...
CVE-2019-4218
CVE-2019-4218 affects IBM Security Information Queue (ISIQ) versions 1.0.0–1.0.2. The issue: web pages containing sensitive content could be stored locally and read by another user on the same system, implying local access risk. The vulnerability is tied to ISIQ’s handling/cache behavior, enablin...
CVE-2019-4219
IBM Security Information Queue (ISIQ) versions 1.0.0–1.0.2 disclose sensitive data via error messages, enabling information disclosure as described in multiple sources (NVD/CNVD/IBM bulletin). Root cause: error messages reveal internal data. Impact: confidentiality exposure; no exploitation detai...
CVE-2020-4282
ISIQ vulnerable to an authentication-reachable issue: ISIQ 1.0.0–1.0.5 does not encode/escape web UI command requests, allowing an authenticated user to bypass illegal character restrictions and perform unauthorized actions. Root cause: lack of encoding/escaping of commands originated from the we...
CVE-2020-4164
CVE-2020-4164 affects IBM Security Information Queue (ISIQ) versions 1.0.0–1.0.5, where application error messages could disclose sensitive information, creating potential information-disclosure risk. The root issue is that error outputs may reveal data that could aid further attacks. The advisor...
CVE-2020-4284
IBM Security Information Queue (ISIQ) versions 1.0.0–1.0.5 are affected by CVE-2020-4284 due to insufficient session timeout in the Web UI, enabling potential disclosure of sensitive information to unauthorized users. The IBM security bulletin notes that as of ISIQ v1.0.6, sessions are automatica...
CVE-2020-4291
ISIQ (IBM Security Information Queue) 1.0.0–1.0.5 fails to invalidate sessions after logout, enabling potential disclosure of sensitive information due to insufficient timeout functionality in the Web UI. The root cause is improper session termination in ISIQ’s web interface, with CVE-2020-4291 a...
CVE-2020-4283
CVE-2020-4283 affects IBM Security Information Queue (ISIQ) versions 1.0.0–1.0.4. The IBM bulletin confirms a hard-coded credential issue: the JWT secret is stored in plain text in a YAML file (as of v1.0.5, an encrypted JWT secret is generated during configuration). The vulnerability enables aut...
CVE-2020-4290
CVE-2020-4290 affects IBM Security Information Queue (ISIQ) versions 1.0.0–1.0.5. An authenticated user could spoof the configuration owner of another user by tampering with the configuration request object, leading to disclosure of sensitive information or unauthorized access. IBM’s bulletin not...
CVE-2020-4289
ISIQ (IBM Security Information Queue) versions 1.0.0–1.0.5 expose sensitive cookie data because session cookies lack the HttpOnly flag. This could allow a remote attacker to read cookie data. IBM’s advisory states as of v1.0.6 the HttpOnly flag is set and provides remediation by upgrading to 1.0....
CVE-2020-4292
CVE-2020-4292 affects IBM Security Information Queue (ISIQ) versions 1.0.0–1.0.4. The issue is an overly permissive cross-origin resource sharing (CORS) policy that can disclose sensitive information by including untrusted domains in the policy. The IBM bulletin confirms the root cause as the cro...