4 matches found
Security Bulletin: IBM Security Key Lifecycle Manager is affected by exposure of sensitive data due to missing HTTP Strict-Transport-Security Header (CVE-2016-6116)
Summary IBM Security Key Lifecycle Manager is missing the HTTP Strict Transport Security header. Users can navigate by mistake to the unencrypted version of the web application or accept invalid certificates. This leads to sensitive data being sent unencrypted over the wire. IBM Security Key...
CVE-2016-6116
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques...
CVE-2016-6116
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques...
CVE-2016-6116
IBM Security Key Lifecycle Manager (formerly Tivoli Key Lifecycle Manager) is affected by CVE-2016-6116 due to missing HTTP Strict Transport Security. A remote attacker could obtain sensitive information through MITM. Affected products/versions: IBM Security Key Lifecycle Manager v2.5 (2.5.0.7 an...