Remote Information Disclosure Vulnerability in IBM QRadar
CVE-2016-9972
5.9 MEDIUM
Summary
A vulnerability exists in IBM QRadar versions 7.2 and 7.3 that could enable a remote attacker to access sensitive information. This issue arises from an improper configuration of HTTP Strict Transport Security (HSTS). An attacker can exploit this weakness using man-in-the-middle techniques, potentially compromising data confidentiality during transmission. For additional details, refer to the IBM support documentation and related security advisories.
Affected Version(s)
Security QRadar SIEM 7.2
Security QRadar SIEM 7.3
References
CVSS V3.1
Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved