CVE-2021-29838

Опубликовано: 26 янв. 2022

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

IBM Security Guardium Insights 3.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/205026
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6550866
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/205026
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6550866
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ibm:security_guardium_insights:3.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 38%

0.00168

Низкий

5.9 Medium

CVSS3

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-w66g-mfpq-g4x7

github

около 4 лет назад

EPSS

Процентиль: 38%

0.00168

Низкий

5.9 Medium

CVSS3

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200