CVE-2016-6027
published 2016-10-06CVE-2016-6027: The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection…
medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information or modify data by leveraging use of HTTP.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | sterling_secure_proxy | — | — |
| ibm | sterling_secure_proxy | — | — |