IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 is missing the HTTP Strict Transport Security header. Users can navigate by mistake to the unencrypted version of the web application or accept invalid certificates. This leads to sensitive data being sent unencrypted over the wire. IBM X-Force ID: 158661.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/158661 | VDB Entry Vendor Advisory |
https://www.ibm.com/support/docview.wss?uid=ibm10885963 | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: ibm
Published: 2019-06-04T00:00:00
Updated: 2019-06-06T20:45:19
Reserved: 2019-01-03T00:00:00
Link: CVE-2019-4162
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-06-06T21:29:00.803
Modified: 2023-02-03T20:39:49.220
Link: CVE-2019-4162
JSON object: View
Redhat Information
No data.
CWE