Vulnerabilities > CVE-2016-0240 - 7PK - Security Features vulnerability in IBM Security Guardium Database Activity Monitor

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

ibm

CWE-254

NVD

Published: 2016-10-22

Updated: 2016-11-28

Summary

IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Security Guardium Database Activity Monitor 8.2 IBM Security Guardium Database Activity Monitor 9.0 IBM Security Guardium Database Activity Monitor 9.1 IBM Security Guardium Database Activity Monitor 9.5 IBM Security Guardium Database Activity Monitor 10.0 IBM Security Guardium Database Activity Monitor 10.01 IBM Security Guardium Database Activity Monitor 10.1	7

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References