IBM TRIRIGA could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
CVE(s): CVE-2017-1464
Affected product(s) and affected version(s):
The following IBM TRIRIGA Platform versions are affected.
· IBM TRIRIGA Application Platform 3.5.0 – 3.5.3.0.
· IBM TRIRIGA Application Platform 3.4.0 – 3.4.2.5.
· IBM TRIRIGA Application Platform 3.3.0 – 3.3.2.5.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2ALjaod
X-Force Database: http://ift.tt/2zUvum4
The post IBM Security Bulletin: IBM TRIRIGA is Missing HTTP Strict-Transport-Security Header (CVE-2017-1464) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2ALtnAR
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.