CVE-2016-0240

IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
VendorProductVersion
ibmsecurity_guardium_database_activity_monitor
8.2
ibmsecurity_guardium_database_activity_monitor
9.0
ibmsecurity_guardium_database_activity_monitor
9.1
ibmsecurity_guardium_database_activity_monitor
9.5
ibmsecurity_guardium_database_activity_monitor
10.0
ibmsecurity_guardium_database_activity_monitor
10.1
ibmsecurity_guardium_database_activity_monitor
10.01
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg21990232
http://www.securityfocus.com/bid/93836
http://www-01.ibm.com/support/docview.wss?uid=swg21990232
http://www.securityfocus.com/bid/93836