CVE-2016-0238
low
CVSS v3
3.7
CVSS v2
4.3
VIR risk
3.7
Description
IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits sensitive data in cleartext in the query of the request. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 110409
Predictions
Exploit likelihood
47%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — https://exchange.xforce.ibmcloud.com/vulnerabilities/110409
Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=swg21989124
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | security_guardium | 9.0 | |
| ibm | security_guardium | 9.1 | |
| ibm | security_guardium | 9.5 | |
| ibm | security_guardium | 10.0 | |
| ibm | security_guardium | 10.1 | |
| ibm | security_guardium | 10.1.2 | |
References
- http://www.ibm.com/support/docview.wss?uid=swg21989124
- http://www.securityfocus.com/bid/99379
- https://exchange.xforce.ibmcloud.com/vulnerabilities/110409
- http://www.ibm.com/support/docview.wss?uid=swg21989124
- http://www.securityfocus.com/bid/99379
- https://exchange.xforce.ibmcloud.com/vulnerabilities/110409
CWEs
CWE-200
Verify integrity in audit chain (admin only). AS-IS.