Information Disclosure Vulnerability in IBM Tivoli Storage Productivity Center
CVE-2019-4138

5.9MEDIUM

Key Information:

Vendor
IBM
Status
Spectrum Control Standard Edition
Vendor
CVE Published:
29 May 2019

Summary

IBM Tivoli Storage Productivity Center versions 5.2.13 to 5.3.0.1 are susceptible to an information disclosure vulnerability due to improper configuration of HTTP Strict Transport Security (HSTS). This misconfiguration allows remote attackers to exploit the vulnerability using man in the middle techniques, potentially gaining access to sensitive information transmitted over the network. Users are advised to check their configurations and apply security best practices to mitigate this vulnerability.

Affected Version(s)

Spectrum Control Standard Edition 5.2.13

Spectrum Control Standard Edition 5.2.14

Spectrum Control Standard Edition 5.2.15

References

http://www.ibm.com/support/docview.wss?uid=ibm10880375
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/158334
vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/108533
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.