CVE-2021-39090

Published: Feb 29, 2024Modified: Dec 31, 2024

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 216388.

Affected (1)

Products: Ibm: Cloud Pak For Security

1 product

Cloud Pak For Security

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm Cloud Pak For Security	From 1.10.0.0 to 1.10.7.0

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Related CWEs

Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (4)

https://exchange.xforce.ibmcloud.com/vulnerabilities/216388

Source: psirt@us.ibm.com

Vendor Advisory

https://www.ibm.com/support/pages/node/6856407

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/216388

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.ibm.com/support/pages/node/6856407

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.