CVE-2021-29892
Global infos:
IBM Cognos Controller 11.0.0 and 11.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
CVE Status: Analyzed
References:
Metrics:
| Attribute | Value |
|---|---|
| Attack Complexity | HIGH |
| Attack Vector | NETWORK |
| Availability Impact | NONE |
| Base Score | 5.9 |
| Base Severity | MEDIUM |
| Confidentiality Impact | HIGH |
| Integrity Impact | NONE |
| Privileges Required | NONE |
| Scope | UNCHANGED |
| User Interaction | NONE |
| Vector String | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| Exploitability Score | 2.2 |
| Impact Score | 3.6 |
| Source | [email protected] |
| Type | Primary |