CVE-2020-4783

MEDIUM Year: 2020
CVSS v3 Score
5.9
Medium
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-862
View all →

Vulnerability Description

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 189214.

Related Vulnerabilities

CVE-2017-7677

MEDIUM
CVSS:5.9(Medium)

In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table.

CWE-8622017

CVE-2019-0201

MEDIUM
CVSS:5.9(Medium)

An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and retur...

CWE-8622019

CVE-2020-4175

MEDIUM
CVSS:5.9(Medium)

IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit t...

CWE-8622020

CVE-2020-4413

MEDIUM
CVSS:5.9(Medium)

IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this v...

CWE-8622020

CVE-2020-4841

MEDIUM
CVSS:5.9(Medium)

IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this v...

CWE-8622020

CVE-2021-40327

MEDIUM
CVSS:5.9(Medium)

Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incorrect access control. NSPE can access a secure key (held by the Crypto service) based solely on knowledge of its key ID. For exampl...

CWE-8622021