Description
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP.
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:ibm:security_guardium_database_activity_monitor:8.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_guardium_database_activity_monitor:9.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_guardium_database_activity_monitor:9.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_guardium_database_activity_monitor:9.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_guardium_database_activity_monitor:10.01:*:*:*:*:*:*:*
EPSS: 0.00171 (Low)
Percentile: 39%
CVSS3: 3.7 Low
CVSS2: 4.3 Medium
Weaknesses
CWE-254
Related vulnerabilities
CVSS3: 3.7
github
more than 3 years ago
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP.