Missing HTTP Strict Transport Security (HSTS) in One Identity Cloud Access Manager 8.1.3 allows for MITM attacks

Missing HTTP Strict Transport Security (HSTS) in One Identity Cloud Access Manager 8.1.3 allows for MITM attacks

CVE-2019-13498 · HIGH Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks. This issue is fixed in version 8.1.4.

Learn more about our Cloud Audit.