Sensitive Information Disclosure in IBM Tivoli Endpoint Manager
CVE-2017-1229

5.9MEDIUM

Key Information:

Vendor: IBM
Status: Bigfix Family
Vendor: CVE Published:; 13 November 2017

Summary

A security issue in IBM Tivoli Endpoint Manager allows remote attackers to exploit improper configuration of HTTP Strict Transport Security (HSTS), leading to potential sensitive information disclosure. By employing man-in-the-middle attacks, an attacker can intercept and read sensitive data transmitted over the network, increasing the risk of unauthorized access to confidential information.

Affected Version(s)

BigFix family 9.2

BigFix family 9.5

References

http://www.ibm.com/support/docview.wss?uid=swg22005246

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/123908

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 13, 2017
Vulnerability Reserved
Nov 30, 2016