Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-39090

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 216388.

Published

2024-02-29T03:15:06.467

Last Modified

2024-12-31T17:21:48.893

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

Weaknesses

Type: Secondary
CWE-311
Type: Primary
CWE-319

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	cloud_pak_for_security	< 1.10.7.0	Yes
Operating System	linux	linux_kernel	-	No

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/216388 Vendor Advisory ([email protected])
https://www.ibm.com/support/pages/node/6856407 Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/216388 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.ibm.com/support/pages/node/6856407 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)