#VU83551 Configuration in IBM InfoSphere Information Server - CVE-2023-42019

Cybersecurity Help s.r.o.

Published: 2023-11-29

Vulnerability identifier: #VU83551

Vulnerability risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-42019

CWE-ID: CWE-16

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
IBM InfoSphere Information Server
Server applications / Database software

Vendor: IBM Corporation

Description

The issue may allow a remote attacker to gain access to sensitive information.

The issue exists due to the failure to properly enable the HTTP Strict Transport Security header. A remote attacker can gain access to potentially sensitive information.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

IBM InfoSphere Information Server: 11.7 - 11.7.1.125

External links
https://www.ibm.com/support/pages/node/7067719

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM InfoSphere Information Server