Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM84E2DBF2108B403CEACF8BFC111EA476F753571973F1147972828830E3D8B76A
HistoryJun 16, 2018 - 10:01 p.m.

Security Bulletin: IBM QRadar SIEM is missing HSTS header. (CVE-2016-9972)

2018-06-1622:01:04
www.ibm.com
12

0.001 Low

EPSS

Percentile

44.1%

JSON

Summary

The product is missing the HTTP Strict Transport Security header. Users can navigate by mistake to the unencrypted version of the web application or accept invalid certificates. This leads to sensitive data being sent unencrypted over the wire.

Vulnerability Details

CVEID: CVE-2016-9972**
DESCRIPTION:** IBM QRadar could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120208 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

ยท IBM QRadar SIEM 7.2.0 โ€“ 7.2.8 Patch 6

ยท IBM QRadar SIEM 7.3.0 โ€“ 7.3.0 Patch 1

Remediation/Fixes

ยท IBM QRadar/QRM/QVM/QRIF 7.2.8 Patch 7

ยท IBM QRadar/QRM/QVM/QRIF/QNI 7.3.0 Patch 2

Workarounds and Mitigations

None

Related

nvd 1
cve 1
prion 1
cvelist 1
nvd
nvd
CVE-2016-9972
2017-06-27 16:29:00
cve
cve
CVE-2016-9972
2017-06-27 16:29:00
prion
prion
Information disclosure
2017-06-27 16:29:00
cvelist
cvelist
CVE-2016-9972
2017-06-27 16:00:00

0.001 Low

EPSS

Percentile

44.1%

JSON
Related for 84E2DBF2108B403CEACF8BFC111EA476F753571973F1147972828830E3D8B76A
nvd1cve1prion1cvelist1