Information Disclosure Vulnerability in IBM ApplinX by IBM
CVE-2024-49797

5.9 MEDIUM

Key Information:

Vendor: IBM
Status: Vendor
CVE Published: 6 February 2025

Summary

IBM ApplinX 11.1 has a vulnerability stemming from improper configuration of HTTP Strict Transport Security (HSTS). A remote attacker could exploit this weakness to obtain sensitive information using man-in-the-middle techniques. Proper HSTS implementation is essential to protect the confidentiality and integrity of transmitted data; without it, users and their data are exposed to significant risk.

Affected Version(s)

ApplinX 11.1

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published