IBM Security Bulletin: A vulnerability in IBM InfoSphere Information Server allows a remote attacker to obtain sensitive information (CVE-2018-1454)

IBM InfoSphere Information Governance Catalog and IBM InfoSphere Data Click could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques.

CVE(s): CVE-2018-1454

Affected product(s) and affected version(s):

The following products, running on all supported platforms, are affected:
IBM InfoSphere Information Governance Catalog: versions 11.3, 11.5, and 11.7
IBM InfoSphere Data Click: versions 11.3, 11.5, and 11.7
IBM InfoSphere Information Server on Cloud: versions 11.5 and 11.7

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22015222
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/140089

The post IBM Security Bulletin: A vulnerability in IBM InfoSphere Information Server allows a remote attacker to obtain sensitive information (CVE-2018-1454) appeared first on IBM PSIRT Blog.


