Information Disclosure in IBM i2 Enterprise Insight Analysis Software
CVE-2018-1525

5.9 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 6 December 2018

Summary

IBM i2 Enterprise Insight Analysis version 2.1.7 is affected by a vulnerability that allows a remote attacker to obtain sensitive information because HTTP Strict Transport Security (HSTS) is not adequately implemented. This weakness may allow an attacker to carry out man-in-the-middle attacks, compromising the confidentiality of data exchanged between the application and its users. Addressing this vulnerability is crucial for safeguarding sensitive information within the platform.

Affected Version(s)

i2 Enterprise Insight Analysis 2.1.7

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved