CVE-2018-1525

5.9MEDIUM

Key Information:

Vendor
IBM
Status
I2 Enterprise Insight Analysis
Vendor
CVE Published:
6 December 2018

Summary

IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142117.

Affected Version(s)

i2 Enterprise Insight Analysis 2.1.7

References

https://www.ibm.com/support/docview.wss?uid=ibm10738699
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/142117
vdb-entryx_refsource_XF

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.