CVE Vulnerabilities

CVE-2016-0240

Published: Oct 22, 2016 | Modified: Nov 28, 2016
CVSS 3.x
3.7
LOW
Source:
NVD
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP.

Affected Software

Name Vendor Start Version End Version
Security_guardium_database_activity_monitor Ibm 9.0 9.0
Security_guardium_database_activity_monitor Ibm 8.2 8.2
Security_guardium_database_activity_monitor Ibm 10.1 10.1
Security_guardium_database_activity_monitor Ibm 9.5 9.5
Security_guardium_database_activity_monitor Ibm 10.01 10.01
Security_guardium_database_activity_monitor Ibm 9.1 9.1
Security_guardium_database_activity_monitor Ibm 10.0 10.0

References