Man-in-the-Middle Vulnerability in IBM Sterling Secure Proxy
CVE-2016-6026

5.3 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 6 October 2016

Summary

The Configuration Manager in IBM Sterling Secure Proxy (SSP) versions 3.4.2 prior to iFix 8 and 3.4.3 prior to iFix 1 is vulnerable to man-in-the-middle attacks. This issue arises from the acceptance of HTTP methods that are neither GET nor POST, which allows unauthorized attackers to intercept sensitive data transmitted between users and the server. Organizations using affected versions should take immediate steps to mitigate this vulnerability by updating to the recommended patches.

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
