CVE-2018-1454Cleartext Transmission of Sensitive Info in IBM Infosphere Information Server

CWE-319Cleartext Transmission of Sensitive Info4 documents4 sources
Severity
5.9MEDIUMNVD
EPSS
0.3%
top 47.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Infosphere Information Server
Timeline
PublishedJun 5
Latest updateMay 13

Description

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 140089.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/infosphere_information_server11.3, 11.5, 11.7+2
NVDibm/infosphere_information_server11.3, 11.5, 11.7+2

🔴Vulnerability Details

2
GHSA
GHSA-f796-qh67-hm9p: IBM InfoSphere Information Server 112022-05-13
CVEList
CVE-2018-1454: IBM InfoSphere Information Server 112018-06-05

💬Community

1
Bugzilla
CVE-2018-16646 poppler: infinite recursion in Parser::getObj function in Parser.cc2018-09-07
CVE-2018-1454 — IBM vulnerability | cvebase