IBM Security Information Queue (ISIQ) allows web pages containing sensitive content to be cached by a browser and thus become vulnerable to attackers or malware. As of v1.0.3, the ISIQ web server instructs the browser to not cache the content.
CVEID: CVE-2019-4218 DESCRIPTION: IBM Security Information Queue (ISIQ) allows web pages to be stored locally which can be read by another user on the system.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159227> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
IBM Security Information Queue v1.0.0, v1.0.1, and v1.0.2
Download and install the latest IBM Security Information Queue images (tagged at 1.0.3 or greater) from the Docker Hub repository, βibmcorp/security_information_queueβ:
<https://cloud.docker.com/u/ibmcorp/repository/docker/ibmcorp/security_information_queue>