Information Disclosure Vulnerability in IBM Security SOAR
CVE-2021-29785
5.9 MEDIUM
Summary
IBM Security SOAR V42 and V43 do not properly enforce HTTP Strict Transport Security (HSTS). A remote attacker could exploit this weakness by using man-in-the-middle techniques to capture sensitive information communicated between users and the application. Proper configuration and patching are critical to mitigating the risk posed by this vulnerability.
Affected Version(s)
Security SOAR 42
Security SOAR 43
CVSS V3.1
Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved