IBM Security Guardium transmits sensitive data in cleartext in the query of the request. This could allow an attacker to obtain sensitive information using man in the middle techniques.
CVEID: CVE-2016-0238**
DESCRIPTION:** IBM Security Guardium transmits sensitive data in cleartext in the query of the request. This could allow an attacker to obtain sensitive information using man in the middle techniques.
CVSS Base Score: 3.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110409> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
IBM Security Guardium V 9, 9.1, 9.5
V10, 10.1, 10.1.2
Product
| VRMF| Remediation/First Fix
—|—|—
IBM Security Guardium | 9x| https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_9.0p1089_LanguageUpdate_GPU-750_64-bit,SqlGuard_9.0p750_GPU_March-2017_32-bit,SqlGuard_9.0p1089_LanguageUpdate_GPU-750_32-bit,SqlGuard_9.0p750_GPU_March-2017_64-bit&includeSupersedes=0&source=fc
IBM Security Guardium | 10| https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p230_GPU_Jun-2017-V10.1.3&includeSupersedes=0&source=fc
None