IBM Cloud Pak for Security 1.3.0.1 could disclose sensitive information through HTTP headers, which could be used in further attacks against the system. Response headers include information that provides an attacker with clues that can be used to focus attacks for better results. This has been addressed in an update.
CVEID: CVE-2020-4967
**DESCRIPTION:** IBM Cloud Pak for Security (CP4S) could disclose sensitive information through HTTP headers which could be used in further attacks against the system.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192425 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)
| Affected Product(s) | Version(s) |
|---|---|
| Cloud Pak for Security (CP4S) | 1.3.0.1 |
Upgrade to IBM Cloud Pak for Security v1.4.0.0 or greater at <https://cloud.ibm.com/catalog/content/ibm-cp-security-b25bd169-0fbd-4cf3-a8ea-0067316158a4-global> or by following the instructions at <https://www.ibm.com/support/knowledgecenter/en/SSTDPP_1.4.0/platform/docs/security-pak/upgrading.html>.
None