CVE-2019-4667
First published: Wed Feb 12 2020(Updated: )
IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 171249.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM UrbanCode Deploy | =7.0.5.2 | |
| <=All |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-4667?
CVE-2019-4667 is a vulnerability in IBM UrbanCode Deploy (UCD) 7.0.5.2 that could allow a remote attacker to obtain sensitive information.
How does CVE-2019-4667 affect IBM UrbanCode Deploy?
CVE-2019-4667 affects IBM UrbanCode Deploy version 7.0.5.2.
What is the severity of CVE-2019-4667?
CVE-2019-4667 has a severity level of medium, with a CVSS score of 5.9.
How can an attacker exploit CVE-2019-4667?
An attacker can exploit CVE-2019-4667 by using man-in-the-middle techniques to obtain sensitive information.
Is there a fix for CVE-2019-4667?
To fix CVE-2019-4667, users should enable HTTP Strict Transport Security (HSTS) properly in IBM UrbanCode Deploy.
- collector/nvd-index
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/severity
- agent/last-modified-date
- agent/description
- agent/softwarecombine
- agent/tags
- agent/event
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- vendor/ibm
- canonical/ibm urbancode deploy
- version/ibm urbancode deploy/7.0.5.2
- canonical/ibm ucd - ibm urbancode deploy
- version/ibm ucd - ibm urbancode deploy/all