IBM Cloud Pak for Security Vulnerability Could Lead to Sensitive Information Theft
CVE-2021-39090

5.9 MEDIUM

Key Information:

Vendor
IBM
CVE Published:
29 February 2024

Summary

A vulnerability exists in IBM Cloud Pak for Security which allows a remote attacker to potentially exploit the improper configuration of HTTP Strict Transport Security (HSTS). This misconfiguration can lead to sensitive information exposure through man-in-the-middle attacks, allowing unauthorized individuals to intercept communications. Organizations utilizing affected versions of IBM Cloud Pak for Security are advised to review their HSTS settings and apply necessary patches to mitigate risks associated with this vulnerability.
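
As an added example (not part of the advisory and not IBM code), the following Python check parses a `Strict-Transport-Security` header value according to RFC 6797 and reports the weaknesses a review of HSTS settings would look for. The one-year `MIN_MAX_AGE` baseline and the sample header values are assumptions constructed for illustration.

```python
# Added example: audits a Strict-Transport-Security header value (RFC 6797).
import re

MIN_MAX_AGE = 31536000  # assumption: one-year baseline, not taken from the advisory

def parse_hsts(value):
    """Parse a header value into {directive: value-or-None}; ValueError on duplicates."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # RFC 6797 permits empty directives (stray ';')
        name, sep, val = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        val = val.strip()
        if len(val) >= 2 and val[0] == '"' and val[-1] == '"':
            val = val[1:-1]  # quoted-string form, e.g. max-age="31536000"
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = val if sep else None
    return directives

def audit_hsts(header_value):
    """Return a list of findings for one response (None means the header is absent)."""
    if header_value is None:
        return ["header missing: browser may use plain HTTP"]
    try:
        d = parse_hsts(header_value)
    except ValueError as exc:
        return [f"invalid header, ignored by browsers: {exc}"]
    max_age = d.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        return ["max-age missing or non-numeric: header is ignored"]
    findings = []
    if int(max_age) == 0:
        findings.append("max-age=0 removes the host from the browser's HSTS list")
    elif int(max_age) < MIN_MAX_AGE:
        findings.append(f"max-age {max_age} below baseline {MIN_MAX_AGE}")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains absent: subdomains not covered")
    return findings

# Constructed sample values, not taken from the affected product.
SAMPLES = [None, "max-age=0", "max-age=300", "max-age=63072000; includeSubDomains",
           'MAX-AGE="31536000" ; IncludeSubDomains;', "max-age=1; max-age=2", "includeSubDomains"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", audit_hsts(s) or "ok")
```

Feed it the header value captured from each HTTPS endpoint of the deployment; an empty list means none of these checks fired.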

Affected Version(s)

Cloud Pak for Security 1.10.0.0 <= 1.10.6.0

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
