| Vulnerability Name: | CVE-2018-1454 (CCN-140089) | ||||||||||||
| Assigned: | 2017-12-13 | ||||||||||||
| Published: | 2018-06-01 | ||||||||||||
| Updated: | 2020-08-24 | ||||||||||||
| Summary: | IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 140089. | ||||||||||||
| CVSS v3 Severity: | 5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) 5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-319 | ||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2018-1454 Source: CCN Type: IBM Security Bulletin 2015222 (InfoSphere Information Server) A vulnerability in IBM InfoSphere Information Server allows a remote attacker to obtain sensitive information (CVE-2018-1454) Source: CONFIRM Type: Vendor Advisory http://www.ibm.com/support/docview.wss?uid=swg22015222 Source: SECTRACK Type: Third Party Advisory, VDB Entry 1041038 Source: XF Type: Third Party Advisory, VDB Entry ibm-infosphere-cve20181454-info-disc(140089) Source: XF Type: UNKNOWN ibm-infosphere-cve20181454-info-disc(140089) | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||