Information Disclosure Vulnerability in IBM Jazz Applications
CVE-2018-1694
5.9MEDIUM
Key Information:
- Vendor
- IBM
- Status
- Vendor
- CVE Published:
- 6 November 2018
Summary
The vulnerability in IBM Jazz applications is associated with the improper configuration of HTTP Strict Transport Security (HSTS), which could permit a remote attacker to exploit man-in-the-middle techniques to gain unauthorized access to sensitive information. This lack of proper security measures can potentially allow malicious actors to intercept and obtain critical data, jeopardizing the confidentiality of user information and application integrity.
Affected Version(s)
Rational Collaborative Lifecycle Management 5.0
Rational Collaborative Lifecycle Management 6.0
Rational Collaborative Lifecycle Management 6.0.1
References
CVSS V3.1
Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved