Man-in-the-Middle Vulnerability in IBM Sterling Secure Proxy
CVE-2016-6026
5.3 MEDIUM
Summary
The Configuration Manager in IBM Sterling Secure Proxy (SSP) versions 3.4.2 prior to iFix 8 and 3.4.3 prior to iFix 1 is vulnerable to man-in-the-middle attacks. This issue arises from the acceptance of HTTP methods that are neither GET nor POST, which allows unauthorized attackers to intercept sensitive data transmitted between users and the server. Organizations using affected versions should take immediate steps to mitigate this vulnerability by updating to the recommended patches.
CVSS V3.1
Score: 5.3
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved