VIR Vulnerability Intelligence Relay

CVE-2016-0240

low
Published 2016-10-22 · Modified 2026-05-06
CVSS v3
3.7
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS v2
4.3
VIR risk
3.7

Description

IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP.

Predictions

Exploit likelihood
47%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21990232

Application impact
VendorProductVersionsFixed
ibmsecurity_guardium_database_activity_monitor8.2
ibmsecurity_guardium_database_activity_monitor9.0
ibmsecurity_guardium_database_activity_monitor9.1
ibmsecurity_guardium_database_activity_monitor9.5
ibmsecurity_guardium_database_activity_monitor10.0
ibmsecurity_guardium_database_activity_monitor10.1
ibmsecurity_guardium_database_activity_monitor10.01

References

CWEs

CWE-254

Verify integrity in audit chain (admin only). AS-IS.