Security Flaw in IBM Sterling Secure Proxy Configuration Manager
CVE-2016-6027

6.1 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 6 October 2016

Summary

The Configuration Manager in IBM Sterling Secure Proxy versions 3.4.2 (prior to 3.4.2.0 iFix 8) and 3.4.3 (prior to 3.4.3.0 iFix 1) does not implement HTTP Strict Transport Security (HSTS). Without HSTS, remote attackers can more easily intercept sensitive data or alter content transmitted via HTTP, compromising data integrity and confidentiality.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
