CVE-2018-1454

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 140089.

Published: Jun 5, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-1454
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.9
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-319

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
ibm / infosphere_information_server	11.3	11.3.x
ibm / infosphere_information_server	11.5	11.5.x
ibm / infosphere_information_server	11.7	11.7.x

http://www.ibm.com/support/docview.wss?uid=swg22015222
http://www.securitytracker.com/id/1041038
https://exchange.xforce.ibmcloud.com/vulnerabilities/140089

Vulnerability Database

289,697

CVE-2018-1454