exploitDog

CVE-2023-35888

Опубликовано: 20 мар. 2024

Источник: nvd

CVSS3: 5.9

EPSS Низкий

Описание

IBM Security Verify Governance 10.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 258375.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/258375
Vendor Advisory
https://www.ibm.com/support/pages/node/7144228
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/258375
Vendor Advisory
https://www.ibm.com/support/pages/node/7144228
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ibm:security_verify_governance:10.0.2:*:*:*:*:*:*:*

EPSS

Процентиль: 4%

0.0002

Низкий

5.9 Medium

CVSS3

Дефекты

CWE-311

NVD-CWE-noinfo

Связанные уязвимости

GHSA-3v58-fff7-9hpf

CVSS3: 5.9

github

почти 2 года назад

IBM Security Verify Governance 10.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 258375.

EPSS

Процентиль: 4%

0.0002

Низкий

5.9 Medium

CVSS3

Дефекты

CWE-311

NVD-CWE-noinfo