PT-2023-6912 · IBM · IBM Security Directory Server

Ben Goodspeed +8 · Published 2023-10-14 · Updated 2023-10-18 · CVE-2022-33161

CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM Security Directory Server version 6.4.0

Description

The issue is caused by the failure to properly enable HTTP Strict Transport Security, allowing a remote attacker to obtain sensitive information using man-in-the-middle techniques.

Recommendations

For IBM Security Directory Server version 6.4.0, enable HTTP Strict Transport Security to prevent exploitation. As a temporary workaround, consider restricting access to sensitive information until the issue is resolved.

Fix

Weakness Enumeration

Missing Encryption of Sensitive Data

Related Identifiers

BDU:2023-07930
CVE-2022-33161

Affected Products

IBM Security Directory Server