IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 200253.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/200253 | VDB Entry Vendor Advisory |
https://www.ibm.com/support/pages/node/6454587 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
24 May 2021, 20:28
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 5.9 |
CPE | cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_identity_manager:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
|
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/200253 - VDB Entry, Vendor Advisory | |
References | (CONFIRM) https://www.ibm.com/support/pages/node/6454587 - Patch, Vendor Advisory | |
CWE | NVD-CWE-noinfo |
20 May 2021, 16:15
Type | Values Removed | Values Added |
---|---|---|
Summary | IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 200253. |
20 May 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-05-20 15:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-29692
Mitre link : CVE-2021-29692
CVE.ORG link : CVE-2021-29692
JSON object : View
Products Affected
oracle
- solaris
linux
- linux_kernel
ibm
- aix
- security_identity_manager
microsoft
- windows
CWE