Skip to main content

7PK - Security Features

CVE-2016-0240

Severity Low
Score 3.7/10

Summary

IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP.

  • HIGH
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • LOW
  • NONE

CWE-254 - Security Features

Security features are integrated into the application infrastructure to protect its resources and the trusted environment against a known exploit, threat, or vulnerability. However, flawed, disabled, or absent security features expose the application to a variety of attacks. This is a multidimensional vulnerability with broad potential impact. It can lead to defacement, confidentiality compromise, system takeover, etc.

References

Advisory Timeline

  • Published