Information Disclosure Vulnerability in IBM Tivoli Storage Productivity Center
CVE-2019-4138

5.9 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 29 May 2019

Summary

IBM Tivoli Storage Productivity Center versions 5.2.13 to 5.3.0.1 are susceptible to an information disclosure vulnerability caused by improper configuration of HTTP Strict Transport Security (HSTS). A remote attacker could exploit this misconfiguration using man-in-the-middle techniques to obtain sensitive information transmitted over the network. Users are advised to check their configurations and apply security best practices to mitigate this vulnerability.

Affected Version(s)

Spectrum Control Standard Edition 5.2.13

Spectrum Control Standard Edition 5.2.14

Spectrum Control Standard Edition 5.2.15

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
