IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142650.
History

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

Mon, 09 Sep 2024 17:45:00 +0000

Type Values Removed Values Added
References

Mon, 09 Sep 2024 17:15:00 +0000

Type Values Removed Values Added
Title IBM API Connect information disclosure
References
Metrics cvssV3_0

{'score': 5.9, 'vector': 'CVSS:3.0/A:N/AC:H/AV:N/C:H/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O'}

cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}

cvssV3_0

{'score': 5.9, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2018-07-06T14:00:00Z

Updated: 2024-09-17T01:06:33.675Z

Reserved: 2017-12-13T00:00:00

Link: CVE-2018-1546

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-07-06T14:29:01.443

Modified: 2024-11-21T03:59:59.507

Link: CVE-2018-1546

cve-icon Redhat

No data.