PT-2024-14032 · IBM · IBM PowerSC

Published 2024-02-01 · Updated 2024-02-12 · CVE-2023-50962

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM PowerSC versions 1.3 through 2.1

Description

The issue concerns the lack of implementation of the "HTTP Strict Transport Security" (HSTS) web security policy mechanism in the MFA component. This mechanism is designed to protect against certain types of attacks by ensuring that web browsers only interact with the server over a secure connection. Without HSTS, the system may be more vulnerable to attacks that rely on manipulating or intercepting HTTP connections.

Recommendations

For IBM PowerSC versions 1.3 through 2.1, consider implementing the HSTS policy mechanism to enhance the security of the MFA component. As a temporary workaround, restrict access to sensitive resources and ensure that all interactions with the system are conducted over secure connections. At the moment, there is no information about a newer version that contains a fix for this issue.
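
To verify that a deployment actually sends a usable HSTS policy, the check below audits captured response headers against the processing rules of RFC 6797. It is an added example, not code from IBM or from this advisory; the function names, the one-year `MIN_MAX_AGE` threshold and the sample responses are assumptions constructed for illustration.

```python
import re

MIN_MAX_AGE = 31536000  # one year; assumed policy threshold, not from the advisory

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into {directive: argument}."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in directives:
            raise ValueError("duplicate directive: " + name)
        directives[name] = arg.strip().strip('"')
    return directives

def audit_response(scheme, headers):
    """Return findings for one response; an empty list means the policy is sound."""
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if scheme != "https":
        # Browsers ignore HSTS received over insecure transport (RFC 6797, 8.1)
        return ["HSTS ignored over http"] if values else ["plain http response"]
    if not values:
        return ["header missing"]
    try:
        d = parse_hsts(values[0])  # only the first header field is processed
    except ValueError as exc:
        return [str(exc)]
    if not re.fullmatch(r"\d+", d.get("max-age", "")):
        return ["max-age missing or not numeric"]
    findings = []
    age = int(d["max-age"])
    if age == 0:
        findings.append("max-age=0 removes the policy")
    elif age < MIN_MAX_AGE:
        findings.append("max-age below threshold")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains not set")
    return findings

if __name__ == "__main__":
    # Constructed sample responses, not captured from a real PowerSC system
    samples = [
        ("https", [("Content-Type", "text/html")]),
        ("https", [("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]),
    ]
    for scheme, headers in samples:
        print(scheme, audit_response(scheme, headers) or "ok")
```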

Fix

Weakness Enumeration

Cleartext Transmission of Sensitive Information

Related Identifiers

CVE-2023-50962

Affected Products

IBM PowerSC