IBM Cognos Controller Vulnerability Could Lead to Sensitive Information Disclosure
CVE-2021-29892
5.9MEDIUM
Summary
IBM Cognos Controller versions 11.0.0 and 11.0.1 are susceptible to a vulnerability that could enable remote attackers to acquire sensitive information. This situation arises from the failure to correctly implement HTTP Strict Transport Security (HSTS), which can be exploited through man-in-the-middle techniques. In the absence of proper security configurations, an attacker can intercept communications, leading to potential data breaches.
Affected Version(s)
Cognos Controller 11.0.0, 11.0.1
References
CVSS V3.1
Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved