CVE-2018-1546
MEDIUMIBM API Connect 5.0.0.0-5.0.8.3 - Exposure of Sensitive Information via Missing HSTS Enforcement
Title source: llmDescription
IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142650.
References (3)
Core 3
Core References
Various Sources
https://www-prd-trops.events.ibm.com/node/715299
VDB Entry, Vendor Advisory vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/142650
Various Sources x_refsource_confirm
vendor-advisory
https://www.ibm.com/support/pages/node/715299
Scores
CVSS v3
5.9
EPSS
0.0221
EPSS Percentile
80.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
ibm/api_connect
5.0.0.0 - 5.0.8.3
Published
Jul 06, 2018
Tracked Since
Feb 18, 2026