Information Disclosure in IBM i2 Enterprise Insight Analysis Software
CVE-2018-1525

5.9MEDIUM

Key Information:

Vendor: IBM
Status: I2 Enterprise Insight Analysis
Vendor: CVE Published:; 6 December 2018

Summary

IBM i2 Enterprise Insight Analysis version 2.1.7 is susceptible to a vulnerability that allows a remote attacker to access sensitive information due to inadequate implementation of HTTP Strict Transport Security (HSTS). This oversight may permit an attacker to execute man-in-the-middle attacks, thereby compromising the confidentiality of data exchanged between the application and users. Addressing this vulnerability is crucial for safeguarding sensitive information within the platform.

Affected Version(s)

i2 Enterprise Insight Analysis 2.1.7

References

https://www.ibm.com/support/docview.wss?uid=ibm10738699

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/142117

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 6, 2018
Vulnerability Reserved
Dec 13, 2017