PT-2020-11025 · Ibm · Ibm Security Guardium Data Encryption
Published
2020-08-26
·
Updated
2021-07-21
·
CVE-2019-4689
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Security Guardium Data Encryption (GDE) version 3.0.0.2
Description
The issue is caused by the failure to properly enable HTTP Strict Transport Security, allowing a remote attacker to obtain sensitive information using man-in-the-middle techniques.
Recommendations
For IBM Security Guardium Data Encryption (GDE) version 3.0.0.2, enable HTTP Strict Transport Security to prevent exploitation. As a temporary workaround, consider restricting access to sensitive information until the issue is resolved.
Fix
Cleartext Transmission of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Security Guardium Data Encryption