
4 matches found

IBM Security Bulletins
added 2018/06/16 9:49 p.m., 26 views

Security Bulletin: IBM Security Key Lifecycle Manager is affected by exposure of sensitive data due to missing HTTP Strict-Transport-Security Header (CVE-2016-6116)

Summary: IBM Security Key Lifecycle Manager is missing the HTTP Strict Transport Security header. Users can navigate by mistake to the unencrypted version of the web application or accept invalid certificates. This leads to sensitive data being sent unencrypted over the wire. IBM Security Key...

CVSS: 5.9, AI score: 0.3, EPSS: 0.01227
Exploits: 0, Affected Software: 1
OSV
added 2017/02/02 10:59 p.m., 2 views

CVE-2016-6116

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques...

CVSS: 5.9, AI score: 5.8, EPSS: 0.01227
Exploits: 0, References: 2
NVD
added 2017/02/02 10:59 p.m., 16 views

CVE-2016-6116

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques...

CVSS: 5.9, AI score: 5.5, EPSS: 0.01227
Exploits: 0, References: 2
CVE
added 2017/02/02 10:0 p.m., 48 views

CVE-2016-6116

IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager) is affected by CVE-2016-6116 due to missing HTTP Strict Transport Security. A remote attacker could obtain sensitive information through MITM. Affected products/versions: IBM Security Key Lifecycle Manager v2.5 (2.5.0.7 an...

CVSS: 5.9, AI score: 5.4, EPSS: 0.01227
Exploits: 0, References: 2, Affected Software: 1