Описание
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not ensure that HTTPS is used, which allows remote attackers to obtain sensitive information by sniffing the network during an HTTP session.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:a:ibm:security_access_manager_for_web:7.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager_for_web:8.0:*:*:*:*:*:*:*
EPSS
Процентиль: 50%
0.00264
Низкий
5 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
больше 3 лет назад
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not ensure that HTTPS is used, which allows remote attackers to obtain sensitive information by sniffing the network during an HTTP session.
EPSS
Процентиль: 50%
0.00264
Низкий
5 Medium
CVSS2
Дефекты
CWE-200