Information Disclosure in IBM i2 Enterprise Insight Analysis Software
CVE-2018-1525
5.9 MEDIUM
Summary
IBM i2 Enterprise Insight Analysis version 2.1.7 is susceptible to a vulnerability that allows a remote attacker to access sensitive information due to inadequate implementation of HTTP Strict Transport Security (HSTS). This oversight may permit an attacker to execute man-in-the-middle attacks, thereby compromising the confidentiality of data exchanged between the application and users. Addressing this vulnerability is crucial for safeguarding sensitive information within the platform.
Affected Version(s)
i2 Enterprise Insight Analysis 2.1.7
References
CVSS V3.1
Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved