Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMA207201071D3B307A91225986FA2D40B8D6CB9D27D14BC8CFC4AC4AD939DAE90
HistoryJun 16, 2018 - 9:46 p.m.

Security Bulletin:  IBM Security Guardium Database Activity Monitor is affected by Missing HTTP Strict-Transport-Security Header vulnerability (CVE-2016-0240)

2018-06-1621:46:18
www.ibm.com
8

0.001 Low

EPSS

Percentile

44.8%

JSON

Summary

IBM Security Guardium Database Activity Monitor does not force the HTTP Strict-Transport-Security Header. This could allow an attacker to obtain sensitive information using man in the middle techniques.

Vulnerability Details

CVEID: CVE-2016-0240**
DESCRIPTION:** IBM Security Guardium Database Activity Monitor does not force the HTTP Strict-Transport-Security Header. This could allow an attacker to obtain sensitive information using man in the middle techniques.
CVSS Base Score: 3.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110411&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Security Guardium Database Activity Monitor V 8.2, 9.0, 9.1, 9.5, 10.0, 10.0.1, 10.1

Remediation/Fixes

_
VRMF_

| _

Remediation/First Fix_|

—|—|—
IBM Security Guardium Database Activity Monitor| _
8.2_| https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_8.2p310_Bundle_Sep-27-2016&includeSupersedes=0&source=fc
IBM Security Guardium Database Activity Monitor| _
9x_| https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_9.0p700_GPU_September-2016_64-bit,SqlGuard_9.0p1086_LanguageUpdate_GPU-700_64-bit,SqlGuard_9.0p700_GPU_September-2016_32-bit,SqlGuard_9.0p1086_LanguageUpdate_GPU-700_32-bit&includeSupersedes=0&source=fc
IBM Security Guardium Database Activity Monitor| _
10x_| https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p100_GPU-May-2016-V10.1&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Related

cve 1
nvd 1
cvelist 1
prion 1
cve
cve
CVE-2016-0240
2016-10-22 03:59:01
nvd
nvd
CVE-2016-0240
2016-10-22 03:59:01
cvelist
cvelist
CVE-2016-0240
2016-10-22 01:00:00
prion
prion
Design/Logic Flaw
2016-10-22 03:59:00

0.001 Low

EPSS

Percentile

44.8%

JSON
Related for A207201071D3B307A91225986FA2D40B8D6CB9D27D14BC8CFC4AC4AD939DAE90
cve1nvd1cvelist1prion1