CVE-2021-29892Cleartext Transmission of Sensitive Info in IBM Cognos Controller

CWE-319Cleartext Transmission of Sensitive Info3 documents3 sources
Severity
5.9MEDIUMNVD
EPSS
0.0%
top 90.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Cognos Controller
Timeline
PublishedDec 3

Description

IBM Cognos Controller 11.0.0 and 11.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/cognos_controller11.0.0, 11.0.1
NVDibm/cognos_controller11.0.0, 11.0.1+1

🔴Vulnerability Details

2
GHSA
GHSA-837j-xr3g-c46p: IBM Cognos Controller 112024-12-03
CVEList
IBM Cognos Controller information disclosure2024-12-03
CVE-2021-29892 — IBM Cognos Controller vulnerability | cvebase