Information Disclosure Vulnerability in IBM Security Guardium Insights
CVE-2021-29838

5.9MEDIUM

Key Information:

Vendor: IBM
Status: Security Guardium Insights
Vendor: CVE Published:; 26 January 2022

Summary

IBM Security Guardium Insights 3.0 is vulnerable due to improper configuration of HTTP Strict Transport Security, allowing remote attackers to leverage man-in-the-middle techniques to intercept sensitive information. This flaw could enable malicious actors to access confidential data during transmission, posing significant risks to organizational security.

Affected Version(s)

Security Guardium Insights 3.0

References

https://www.ibm.com/support/pages/node/6550866

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/205026

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 26, 2022
Vulnerability Reserved
Mar 31, 2021