CVE-2016-6027 — Cross-site Scripting in IBM Sterling Secure Proxy

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 52.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Sterling Secure Proxy

Timeline

PublishedOct 6

Latest updateMay 17

Description

The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information or modify data by leveraging use of HTTP.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDibm/sterling_secure_proxy3.4.2.0, 3.4.3.0+1

🔴Vulnerability Details

GHSA

GHSA-wg33-vhj2-vmvx: The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3↗2022-05-17

▶

CVEList

CVE-2016-6027: The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3↗2016-10-06

▶