CVE-2020-4175
Description
IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 174684.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Security Guardium Insights 2.0.1 fails to enable HSTS, allowing man-in-the-middle attacks to intercept sensitive data.
Vulnerability
IBM Security Guardium Insights version 2.0.1 does not properly enable HTTP Strict Transport Security (HSTS). Because the server never sends the Strict-Transport-Security header, browsers are not instructed to rewrite future http:// requests for the host to https://, so any typed, bookmarked or linked plaintext URL is fetched over cleartext HTTP, and the resulting connection can be downgraded or redirected by whoever controls the path. No special privileges or prior access are required to exploit this weakness; the attacker only needs to be positioned on the network path between the client and the server.
Exploitation
An attacker with the ability to intercept network traffic (e.g., through a man-in-the-middle position on a shared or compromised network) can exploit the missing HSTS header. When a user initiates an HTTP connection to the vulnerable Guardium Insights instance, the attacker can intercept the initial plaintext request and either serve the application over plaintext while proxying to the real TLS endpoint (the technique commonly called SSL stripping) or inject malicious responses, effectively capturing or manipulating sensitive information transmitted during the session. HSTS closes this window only when the header has been delivered over a valid TLS connection on an earlier visit (or the host is preloaded in browsers), which is why the absent header leaves every first visit and every visit after a policy expires exposed.
Impact
Successful exploitation allows the attacker to obtain sensitive information that would otherwise be protected by TLS encryption. Depending on the data exchanged, this could include credentials, session tokens, audit logs, or configuration details. The CVSS v3.0 vector (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) indicates high confidentiality impact but no integrity or availability impact, and the attack requires high complexity due to the need for network interception.
Mitigation
IBM has addressed this vulnerability in a security update. According to the vendor advisory [1], administrators should apply the fix described in IBM Security Bulletin 6323297. No workaround is listed in the bulletin; upgrading to a fixed version of IBM Security Guardium Insights is the recommended course of action. After upgrading, confirm that HTTPS responses from the instance carry a Strict-Transport-Security header with a long max-age (a year or more) and, where the deployment allows it, includeSubDomains.
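The following added example models the browser-side behaviour that the Exploitation and Mitigation sections rely on, and doubles as the post-upgrade check. It is not code from IBM, from the advisory or from Guardium Insights; the host names and header values are constructed for illustration, and the cache logic follows RFC 6797 (the HSTS specification) rather than any particular browser. `parse_hsts` and `hsts_findings` grade a header the way a scanner would; `BrowserHstsCache` shows why an http:// URL for the vulnerable host goes out in plaintext while the same URL for a host that sent the header is rewritten to https:// before any bytes leave the client.

```python
"""HSTS header check plus a minimal model of a browser's HSTS store.

Added example for CVE-2020-4175; not vendor code. Hosts and header values
used in demo() are constructed, not observed on a real Guardium Insights
instance.
"""
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import urlsplit, urlunsplit

ONE_YEAR = 365 * 24 * 3600


@dataclass
class HstsPolicy:
    max_age: int
    include_subdomains: bool
    preload: bool


def parse_hsts(header: Optional[str]) -> Optional[HstsPolicy]:
    """Parse Strict-Transport-Security per RFC 6797 section 6.1.

    Returns None when the header is absent or has no valid max-age; a
    browser treats both cases as 'no policy', which is the 2.0.1 state.
    """
    if header is None:
        return None
    max_age = None
    include_subdomains = preload = False
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')
        if name == "max-age":
            if not value.isdigit():
                return None  # malformed max-age: browsers ignore the header
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
    if max_age is None:
        return None
    return HstsPolicy(max_age, include_subdomains, preload)


def hsts_findings(header: Optional[str]) -> List[str]:
    """Scanner-style findings for one header value (empty list = acceptable)."""
    policy = parse_hsts(header)
    if policy is None:
        return ["missing"]
    findings = []
    if policy.max_age == 0:
        findings.append("max-age=0 clears policy")
    elif policy.max_age < ONE_YEAR:
        findings.append("max-age below one year")
    if not policy.include_subdomains:
        findings.append("includeSubDomains absent")
    return findings


class BrowserHstsCache:
    """Known-HSTS-hosts store: host -> (expiry, include_subdomains)."""

    def __init__(self, now: Callable[[], float] = time.time):
        self._now = now
        self._store: Dict[str, Tuple[float, bool]] = {}

    def observe_https_response(self, host: str, header: Optional[str]) -> None:
        """Record a policy; only a valid header seen over TLS counts."""
        policy = parse_hsts(header)
        if policy is None:
            return
        if policy.max_age == 0:
            self._store.pop(host, None)
            return
        self._store[host] = (self._now() + policy.max_age, policy.include_subdomains)

    def _known(self, host: str) -> bool:
        now = self._now()
        labels = host.split(".")
        for i in range(len(labels)):
            entry = self._store.get(".".join(labels[i:]))
            # Superdomain entries apply only if they set includeSubDomains.
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False

    def effective_url(self, url: str) -> str:
        """URL the browser actually requests for a typed or linked URL."""
        parts = urlsplit(url)
        if parts.scheme != "http" or not self._known(parts.hostname or ""):
            return url  # no policy: the plaintext request is sent as-is
        port = "" if parts.port in (None, 80) else f":{parts.port}"  # RFC 6797: 80 -> 443
        return urlunsplit(("https", parts.hostname + port, parts.path, parts.query, parts.fragment))


def demo() -> Dict[str, str]:
    """Constructed hosts: one mirrors 2.0.1 (no header), one a fixed install."""
    cache = BrowserHstsCache()
    vuln = "guardium-insights.example.internal"
    fixed = "guardium-insights-fixed.example.internal"
    cache.observe_https_response(vuln, None)
    cache.observe_https_response(fixed, "max-age=31536000; includeSubDomains")
    return {
        "vuln": cache.effective_url(f"http://{vuln}/login"),
        "fixed": cache.effective_url(f"http://{fixed}/login"),
    }


if __name__ == "__main__":
    for label, url in demo().items():
        print(f"{label}: browser sends {url}")
```

`demo()` returns the plaintext URL unchanged for the host that never sent the header and the https:// rewrite for the host that did, which is the whole difference the advisory describes. To run `hsts_findings` against a real instance, feed it the `Strict-Transport-Security` value from an HTTPS response (for example `http.client.HTTPSConnection(...).getresponse().getheader("Strict-Transport-Security")`); the parser deliberately rejects a non-numeric max-age because browsers do the same.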
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- IBM Security Guardium Insights, version = 2.0.1
Patches
No patches discovered yet.
References
[1] https://www.ibm.com/support/pages/node/6323297 (vendor security bulletin, x_refsource_CONFIRM)
[2] https://exchange.xforce.ibmcloud.com/vulnerabilities/174684 (IBM X-Force ID 174684, vdb-entry, x_refsource_XF)