Information Disclosure Vulnerability in IBM Tivoli Storage Productivity Center
CVE-2019-4138
5.9 MEDIUM
Summary
IBM Tivoli Storage Productivity Center versions 5.2.13 to 5.3.0.1 are susceptible to an information disclosure vulnerability due to improper configuration of HTTP Strict Transport Security (HSTS). This misconfiguration could allow a remote attacker to obtain sensitive information transmitted over the network using man-in-the-middle techniques. Users are advised to check their configurations and apply security best practices to mitigate this vulnerability.
Affected Version(s)
Spectrum Control Standard Edition 5.2.13
Spectrum Control Standard Edition 5.2.14
Spectrum Control Standard Edition 5.2.15
CVSS V3.1
Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved