CVE-2020-4175

Опубликовано: 27 авг. 2020

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 174684.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/174684
VDB Entry
https://www.ibm.com/support/pages/node/6323297
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/174684
VDB Entry
https://www.ibm.com/support/pages/node/6323297
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ibm:security_guardium_insights:2.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.00298

Низкий

5.9 Medium

CVSS3

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-862

Связанные уязвимости

GHSA-625q-5x77-56q3

github

больше 3 лет назад

EPSS

Процентиль: 53%

0.00298

Низкий

5.9 Medium

CVSS3

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-862