Remote Information Disclosure in IBM Security Guardium Insights
CVE-2020-4175

5.9MEDIUM

Key Information:

Vendor
IBM
Status
Security Guardium Insights
Vendor
CVE Published:
27 August 2020

Summary

IBM Security Guardium Insights 2.0.1 contains a vulnerability due to improper implementation of HTTP Strict Transport Security. This flaw allows remote attackers to intercept and obtain sensitive information through man-in-the-middle techniques. The oversight in enforcing secure communication could lead to significant data exposure, making it critical for users of this product to apply the necessary security updates to mitigate the risk.

Affected Version(s)

Security Guardium Insights 2.0.1

References

https://www.ibm.com/support/pages/node/6323297
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/174684
vdb-entryx_refsource_XF

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.