CVE-2016-0240

CWE-2543 documents3 sources

Severity

3.7LOW

EPSS

0.2%

top 61.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Guardium Database Activity Monitor

Timeline

PublishedOct 22

Latest updateMay 17

Description

IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages1 packages

▶NVDibm/security_guardium_database_activity_monitor7 versions+6

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-r5hm-2gcv-49jw: IBM Security Guardium Database Activity Monitor 8↗2022-05-17

▶

CVEList

CVE-2016-0240: IBM Security Guardium Database Activity Monitor 8↗2016-10-22

▶