Remote Information Disclosure in IBM Security Identity Governance and Intelligence
CVE-2020-4969

2.6LOW

Key Information:

Vendor
IBM
Vendor
CVE Published:
21 January 2021

Summary

IBM Security Identity Governance and Intelligence version 5.2.6 has a flaw that could allow a remote attacker to exploit improper handling of HTTP Strict Transport Security (HSTS). This vulnerability may enable an attacker to intercept sensitive data transmitted over the network using man in the middle techniques, potentially leading to unauthorized access to confidential information.

Affected Version(s)

Security Identity Governance and Intelligence 5.2.6

References

CVSS V3.1

Score:
2.6
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.