CVE-2016-0248 — Sensitive Information Exposure in IBM Security Guardium

CWE-200 — Sensitive Information Exposure5 documents4 sources

Severity

3.7LOWNVD

EPSS

0.3%

top 44.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Guardium

Timeline

PublishedSep 26

Latest updateMay 17

Description

IBM Security Guardium 9.0 before p700 and 10.0 before p100 allows man-in-the-middle attackers to obtain sensitive query-string information from SSL sessions via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages1 packages

▶NVDibm/security_guardium10.0, 9.0+1

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-787q-cpr8-8qj7: IBM Security Guardium 9↗2022-05-17

▶

CVEList

CVE-2016-0248: IBM Security Guardium 9↗2016-09-26

▶

💬Community

Bugzilla

CVE-2016-6344 JBoss bpms 6.3.x cookie does not set httponly↗2016-08-31

▶

Bugzilla

CVE-2016-4434 tika: XML External Entity vulnerability↗2016-05-27

▶