IBM639B53B7A04D8F9349876A840B9434ADB1962785062A9A1F68BDD747A59A387BSecurity Bulletin: IBM InfoSphere Guardium is affected by Cleartext Transmission of Sensitive Information vulnerability (CVE-2016-0238 )
EPSS
Percentile
32.1%
Summary
IBM Security Guardium transmits sensitive data in cleartext in the query of the request. This could allow an attacker to obtain sensitive information using man in the middle techniques.
Vulnerability Details
CVEID: CVE-2016-0238**
DESCRIPTION:** IBM Security Guardium transmits sensitive data in cleartext in the query of the request. This could allow an attacker to obtain sensitive information using man in the middle techniques.
CVSS Base Score: 3.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110409> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
IBM Security Guardium V 9, 9.1, 9.5
V10, 10.1, 10.1.2
Remediation/Fixes
Product
| VRMF| Remediation/First Fix
—|—|—
IBM Security Guardium | 9x| https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_9.0p1089_LanguageUpdate_GPU-750_64-bit,SqlGuard_9.0p750_GPU_March-2017_32-bit,SqlGuard_9.0p1089_LanguageUpdate_GPU-750_32-bit,SqlGuard_9.0p750_GPU_March-2017_64-bit&includeSupersedes=0&source=fc
IBM Security Guardium | 10| https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p230_GPU_Jun-2017-V10.1.3&includeSupersedes=0&source=fc
Workarounds and Mitigations
None
Related
EPSS
Percentile
32.1%