CVE-2018-1525

Опубликовано: 06 дек. 2018

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142117.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/142117
VDB Entry
Vendor Advisory
https://www.ibm.com/support/docview.wss?uid=ibm10738699
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/142117
VDB Entry
Vendor Advisory
https://www.ibm.com/support/docview.wss?uid=ibm10738699
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:i2_enterprise_insight_analysis:2.1.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:i2_enterprise_insight_analysis:2.1.8:*:*:*:*:*:*:*

EPSS

Процентиль: 32%

0.00122

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-319

Связанные уязвимости

GHSA-8c7r-23x6-924q