nvd-json-data-feeds/CVE-2019/CVE-2019-41xx/CVE-2019-4162.json

{
  "id": "CVE-2019-4162",
  "sourceIdentifier": "psirt@us.ibm.com",
  "published": "2019-06-06T21:29:00.803",
  "lastModified": "2023-02-03T20:39:49.220",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 is missing the HTTP Strict Transport Security header. Users can navigate by mistake to the unencrypted version of the web application or accept invalid certificates. This leads to sensitive data being sent unencrypted over the wire. IBM X-Force ID: 158661."
    },
    {
      "lang": "es",
      "value": "Falta el encabezado de seguridad de transporte estricto de HTTP en la cola de informaci\u00f3n de seguridad de IBM (ISIQ) 1.0.0, 1.0.1 y 1.0.2. Los usuarios pueden navegar por error a la versi\u00f3n sin cifrar de la aplicaci\u00f3n web o aceptar certificados no v\u00e1lidos. Esto hace que los datos confidenciales se env\u00eden sin cifrar a trav\u00e9s del cable. ID de IBM X-Force: 158661."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV30": [
      {
        "source": "psirt@us.ibm.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-319"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:ibm:security_information_queue:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9C1648E-DC06-40C1-9402-DCEA495EA56E"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:ibm:security_information_queue:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AC11E98-3C57-436E-B47A-B5EE0ED200CD"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:ibm:security_information_queue:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "44CEB32A-9E8E-429B-8196-CE3028B10846"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158661",
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10885963",
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    }
  ]
}