CVE-2016-0297

low

Published 2017-02-01 · Modified 2026-05-13

CVSS v3

3.7

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2

4.3

VIR risk

3.7

Description

IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the middle techniques.

Predictions

Exploit likelihood

47%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=swg21993214

Application impact

Vendor	Product	Versions
ibm	bigfix_platform	`9.0`
ibm	bigfix_platform	`9.1`
ibm	bigfix_platform	`9.2`
ibm	bigfix_platform	`9.5`

References

http://www.ibm.com/support/docview.wss?uid=swg21993214
http://www.securityfocus.com/bid/94188
http://www.ibm.com/support/docview.wss?uid=swg21993214
http://www.securityfocus.com/bid/94188

CWEs

CWE-200

Verify integrity in audit chain (admin only). AS-IS.