CVE-2019-4218
Description
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 159227.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Security Information Queue (ISIQ) versions 1.0.0 through 1.0.2 cache sensitive web pages locally, enabling local information disclosure.
Vulnerability
IBM Security Information Queue (ISIQ) versions 1.0.0, 1.0.1, and 1.0.2 do not prevent web pages from being cached by the browser. This allows sensitive content to be stored in the local cache, making it accessible to other users on the same system [1].
Exploitation
An attacker with local access to the system can read the browser's cache to retrieve the stored web pages. The victim must have previously accessed ISIQ and the browser must have cached the content. No authentication or user interaction is required for the attacker to read the cache [1].
Impact
Successful exploitation leads to unauthorized disclosure of sensitive information from the cached pages. The confidentiality impact is low (CVSS 3.0 base score 4.0), and there is no impact on integrity or availability [1].
Mitigation
Upgrade to ISIQ version 1.0.3 or later, which sets appropriate cache-control headers to prevent browser caching. The fix is available from the Docker Hub repository ibmcorp/security_information_queue [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: >=1.0.0 <=1.0.2
- Range: 1.0.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- exchange.xforce.ibmcloud.com/vulnerabilities/159227mitrevdb-entryx_refsource_XF
- www.ibm.com/support/docview.wssmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.