Security Flaw in IBM Sterling Secure Proxy Configuration Manager
CVE-2016-6027
6.1 MEDIUM
Summary
The Configuration Manager in IBM Sterling Secure Proxy versions 3.4.2 (prior to 3.4.2.0 iFix 8) and 3.4.3 (prior to 3.4.3.0 iFix 1) does not implement HTTP Strict Transport Security (HSTS). Remote attackers can exploit this omission to intercept sensitive data or alter content transmitted via HTTP, compromising data integrity and confidentiality.
References
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved