Description
IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 171249.
CVSS breakdown
CVSS 3.0
Attack Vector
Network
Scope
Unchanged
Privileges Required
None
Availability
None
Integrity
None
Attack Complexity
High
User Interaction
None
Confidentiality
High
RC
Changed
RL
O
E
Unchanged
Affected products
- ibm / urbancode_deploy7.0.5.2 – 7.0.5.2