Information Disclosure Vulnerability in IBM Tivoli Storage Productivity Center
CVE-2019-4138

5.9MEDIUM

Key Information:

Vendor

IBM
Status
Spectrum Control Standard Edition
Vendor
CVE Published:
29 May 2019

What is CVE-2019-4138?

IBM Tivoli Storage Productivity Center versions 5.2.13 to 5.3.0.1 are susceptible to an information disclosure vulnerability due to improper configuration of HTTP Strict Transport Security (HSTS). This misconfiguration allows remote attackers to exploit the vulnerability using man in the middle techniques, potentially gaining access to sensitive information transmitted over the network. Users are advised to check their configurations and apply security best practices to mitigate this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Spectrum Control Standard Edition 5.2.13

Spectrum Control Standard Edition 5.2.14

Spectrum Control Standard Edition 5.2.15

References

http://www.ibm.com/support/docview.wss?uid=ibm10880375
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/158334
vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/108533
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.