PT-2019-16941 · IBM · IBM Security Information Queue

Published 2019-06-06 · Updated 2023-02-03 · CVE-2019-4162

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM Security Information Queue (ISIQ) versions 1.0.0 through 1.0.2

Description

The issue arises from the missing HTTP Strict Transport Security header in the affected software. This allows users to potentially navigate to the unencrypted version of the web application or accept invalid certificates, resulting in sensitive data being sent unencrypted over the wire.

Recommendations

For versions 1.0.0 through 1.0.2, consider implementing the HTTP Strict Transport Security header to enforce encrypted connections and prevent users from accessing the unencrypted version of the web application. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
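
One way to verify that a deployment actually sends a usable Strict-Transport-Security header, as an added example that is not from this advisory or from IBM. The one-year `MIN_MAX_AGE` threshold, the finding labels and the sample responses are assumptions constructed for illustration; the parsing rules follow RFC 6797.

```python
import re

MIN_MAX_AGE = 31536000  # one year; assumed policy threshold, not from the advisory

def parse_hsts(value):
    """Return (max_age, include_subdomains), or None if a browser would ignore it."""
    max_age, include_sub, seen = None, False, set()
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name, arg = name.strip().lower(), arg.strip()
        if name in seen:              # a repeated directive invalidates the header
            return None
        seen.add(name)
        if name == "max-age":         # required; digits, optionally quoted
            m = re.fullmatch(r'(\d+)|"(\d+)"', arg)
            if not m:
                return None
            max_age = int(m.group(1) or m.group(2))
        elif name == "includesubdomains":
            if arg:                   # valueless directive
                return None
            include_sub = True
        # unknown directives are ignored
    return None if max_age is None else (max_age, include_sub)

def audit(scheme, headers):
    """headers: list of (name, value) pairs from one response. Returns findings."""
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if scheme != "https":             # browsers ignore HSTS received over HTTP
        return ["ignored-over-http"] if values else ["no-hsts"]
    if not values:
        return ["no-hsts"]
    policy = parse_hsts(values[0])    # only the first header field is processed
    if policy is None:
        return ["malformed"]
    if policy[0] == 0:                # max-age=0 tells the browser to drop the policy
        return ["max-age-zero-disables-hsts"]
    return ["max-age-too-short"] if policy[0] < MIN_MAX_AGE else []

# Constructed sample responses (not captured from a real ISIQ instance).
SAMPLES = {
    "missing": ("https", [("Content-Type", "text/html")]),
    "good": ("https", [("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]),
    "short": ("https", [("strict-transport-security", "max-age=300")]),
    "over-http": ("http", [("Strict-Transport-Security", "max-age=31536000")]),
}

if __name__ == "__main__":
    for label, (scheme, headers) in SAMPLES.items():
        print(label, audit(scheme, headers) or "ok")
```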

Weakness Enumeration

Cleartext Transmission of Sensitive Information

Related Identifiers

CVE-2019-4162

Affected Products

IBM Security Information Queue