CVE-2020-4175

Published: Aug 27, 2020Modified: Nov 21, 2024

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 174684.

Affected (1)

Products: Ibm: Security Guardium Insights

1 product

Security Guardium Insights

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ibm Security Guardium Insights	Version 2.0.1

Related CWEs

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (4)

https://exchange.xforce.ibmcloud.com/vulnerabilities/174684

Source: psirt@us.ibm.com

VDB Entry

https://www.ibm.com/support/pages/node/6323297

Source: psirt@us.ibm.com

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/174684

Source: af854a3a-2127-422b-91ae-364da2661108

VDB Entry

https://www.ibm.com/support/pages/node/6323297

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.