IBM Security Bulletin: A vulnerability in IBM InfoSphere Information Server allows a remote attacker to obtain sensitive information (CVE-2018-1454)
IBM InfoSphere Information Governance Catalog and IBM InfoSphere Data Click could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
CVE(s): CVE-2018-1454
Affected product(s) and affected version(s):
The following products, running on all supported platforms, are affected:
IBM InfoSphere Information Governance Catalog: versions 11.3, 11.5, and 11.7
IBM InfoSphere Data Click: versions 11.3, 11.5, and 11.7
IBM InfoSphere Information Server on Cloud: versions 11.5, and 11.7
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22015222
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/140089
The post IBM Security Bulletin: A vulnerability in IBM InfoSphere Information Server allows a remote attacker to obtain sensitive information (CVE-2018-1454) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2sBREmF