CVE-2019-4162 MEDIUM

CVE-2019-4162

Vendor Ibm
Product Security Information Queue
Published June 6, 2019
Last update September 17, 2024

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.0/I:N/PR:N/AC:H/AV:N/S:U/UI:N/A:N/C:H/RL:O/E:U/RC:C

What the vulnerability does

01Description

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 is missing the HTTP Strict Transport Security header. Users can navigate by mistake to the unencrypted version of the web application or accept invalid certificates. This leads to sensitive data being sent unencrypted over the wire. IBM X-Force ID: 158661.

Key dates

02Disclosure timeline

June 6, 2019 CVE published
September 17, 2024 Record updated