Lucene search
K
IbmSecurity Information Queue

13 matches found

CVE
CVE
added 2019/06/06 8:45 p.m.221 views

CVE-2019-4161

CVE-2019-4161 affects IBM Security Information Queue (ISIQ) versions 1.0.0–1.0.2. The issue discloses internal data left over from development/beta phases to unauthorized users, enabling potential follow-on attacks. IBM’s bulletin confirms a fix in 1.0.3 and later; upgrade to 1.0.3+ or apply the ...

4CVSS3.6AI score0.00348EPSS
CVE
CVE
added 2019/06/06 8:45 p.m.210 views

CVE-2019-4162

IBM Security Information Queue (ISIQ) versions 1.0.0–1.0.2 are affected by missing HTTP Strict Transport Security (HSTS) headers, enabling potential exposure where users may navigate to an unencrypted version of the web app or accept invalid TLS certificates. The issue stems from ISIQ not enforci...

7.5CVSS7.2AI score0.00595EPSS
CVE
CVE
added 2019/06/06 8:45 p.m.210 views

CVE-2019-4217

IBM Security Information Queue (ISIQ) vulnerable in versions 1.0.0–1.0.2 to a remote clickjacking attack: a malicious site can cause a victim’s clicking actions to be hijacked. The issue is fixed in ISIQ 1.0.3, where the web server disallows framing content. Remediation: upgrade to 1.0.3 or later...

6.1CVSS6.1AI score0.01183EPSS
CVE
CVE
added 2019/06/06 8:45 p.m.205 views

CVE-2019-4218

CVE-2019-4218 affects IBM Security Information Queue (ISIQ) versions 1.0.0–1.0.2. The issue: web pages containing sensitive content could be stored locally and read by another user on the same system, implying local access risk. The vulnerability is tied to ISIQ’s handling/cache behavior, enablin...

4CVSS3.4AI score0.0034EPSS
CVE
CVE
added 2019/06/06 8:45 p.m.197 views

CVE-2019-4219

IBM Security Information Queue (ISIQ) versions 1.0.0–1.0.2 disclose sensitive data via error messages, enabling information disclosure as described in multiple sources (NVD/CNVD/IBM bulletin). Root cause: error messages reveal internal data. Impact: confidentiality exposure; no exploitation detai...

5.3CVSS4.9AI score0.01269EPSS
CVE
CVE
added 2020/04/08 2:5 p.m.50 views

CVE-2020-4282

ISIQ vulnerable to an authentication-reachable issue: ISIQ 1.0.0–1.0.5 does not encode/escape web UI command requests, allowing an authenticated user to bypass illegal character restrictions and perform unauthorized actions. Root cause: lack of encoding/escaping of commands originated from the we...

4.3CVSS4.3AI score0.00796EPSS
CVE
CVE
added 2020/04/08 2:5 p.m.48 views

CVE-2020-4164

CVE-2020-4164 affects IBM Security Information Queue (ISIQ) versions 1.0.0–1.0.5, where application error messages could disclose sensitive information, creating potential information-disclosure risk. The root issue is that error outputs may reveal data that could aid further attacks. The advisor...

4CVSS3.4AI score0.00978EPSS
CVE
CVE
added 2020/04/08 2:5 p.m.46 views

CVE-2020-4284

IBM Security Information Queue (ISIQ) versions 1.0.0–1.0.5 are affected by CVE-2020-4284 due to insufficient session timeout in the Web UI, enabling potential disclosure of sensitive information to unauthorized users. The IBM security bulletin notes that as of ISIQ v1.0.6, sessions are automatica...

5.3CVSS4.8AI score0.01308EPSS
CVE
CVE
added 2020/04/08 2:5 p.m.43 views

CVE-2020-4291

ISIQ (IBM Security Information Queue) 1.0.0–1.0.5 fails to invalidate sessions after logout, enabling potential disclosure of sensitive information due to insufficient timeout functionality in the Web UI. The root cause is improper session termination in ISIQ’s web interface, with CVE-2020-4291 a...

4.7CVSS4.1AI score0.01208EPSS
CVE
CVE
added 2020/03/02 2:0 p.m.41 views

CVE-2020-4283

CVE-2020-4283 affects IBM Security Information Queue (ISIQ) versions 1.0.0–1.0.4. The IBM bulletin confirms a hard-coded credential issue: the JWT secret is stored in plain text in a YAML file (as of v1.0.5, an encrypted JWT secret is generated during configuration). The vulnerability enables aut...

8.6CVSS8.3AI score0.01288EPSS
CVE
CVE
added 2020/04/08 2:5 p.m.39 views

CVE-2020-4290

CVE-2020-4290 affects IBM Security Information Queue (ISIQ) versions 1.0.0–1.0.5. An authenticated user could spoof the configuration owner of another user by tampering with the configuration request object, leading to disclosure of sensitive information or unauthorized access. IBM’s bulletin not...

5.5CVSS5AI score0.0067EPSS
CVE
CVE
added 2020/04/08 2:5 p.m.36 views

CVE-2020-4289

ISIQ (IBM Security Information Queue) versions 1.0.0–1.0.5 expose sensitive cookie data because session cookies lack the HttpOnly flag. This could allow a remote attacker to read cookie data. IBM’s advisory states as of v1.0.6 the HttpOnly flag is set and provides remediation by upgrading to 1.0....

5.3CVSS4.9AI score0.01624EPSS
CVE
CVE
added 2020/03/02 2:0 p.m.36 views

CVE-2020-4292

CVE-2020-4292 affects IBM Security Information Queue (ISIQ) versions 1.0.0–1.0.4. The issue is an overly permissive cross-origin resource sharing (CORS) policy that can disclose sensitive information by including untrusted domains in the policy. The IBM bulletin confirms the root cause as the cro...

5.3CVSS5AI score0.00981EPSS