Remote Information Disclosure in IBM Security Identity Governance and Intelligence
CVE-2020-4969
2.6LOW
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 21 January 2021
Summary
IBM Security Identity Governance and Intelligence version 5.2.6 has a flaw that could allow a remote attacker to exploit improper handling of HTTP Strict Transport Security (HSTS). This vulnerability may enable an attacker to intercept sensitive data transmitted over the network using man in the middle techniques, potentially leading to unauthorized access to confidential information.
Affected Version(s)
Security Identity Governance and Intelligence 5.2.6
References
CVSS V3.1
Score:
2.6
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved