2 matches found
Security Bulletin: IBM Security Guardium is affected by a Missing HTTP Strict-Transport-Security Header vulnerability (CVE-2021-39072)
Summary IBM Security Guardium has fixed this vulnerability. Vulnerability Details CVEID:CVE-2021-39072 DESCRIPTION: IBM Security Guardium could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could explo...
CVE-2021-39072
CVE-2021-39072 affects IBM Security Guardium 11.1–11.4. The root cause is failure to properly enable HTTP Strict Transport Security, allowing remote attackers to potentially de-obfuscate sensitive data via man-in-the-middle. The IBM Security Guardium bulletin confirms the vulnerability and provid...