CVE-2019-4594Cleartext Transmission of Sensitive Info in IBM Qradar Security Information AND Event Manager

CWE-319Cleartext Transmission of Sensitive Info3 documents3 sources
Severity
5.9MEDIUMNVD
EPSS
0.1%
top 65.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Qradar Security Information AND Event ManagerIBM Qradar
Timeline
PublishedApr 15
Latest updateMay 24

Description

IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-ForceID: 167810.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/qradar7.3.0, 7.3.3.Patch1+1

🔴Vulnerability Details

2
GHSA
GHSA-qx42-7245-rc87: IBM QRadar 72022-05-24
CVEList
CVE-2019-4594: IBM QRadar 72020-04-15
CVE-2019-4594 — IBM vulnerability | cvebase