Описание
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information or modify data by leveraging use of HTTP.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:sterling_secure_proxy:3.4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_secure_proxy:3.4.2.0:ifix1:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_secure_proxy:3.4.2.0:ifix2:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_secure_proxy:3.4.2.0:ifix3:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_secure_proxy:3.4.2.0:ifix4:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_secure_proxy:3.4.2.0:ifix5:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_secure_proxy:3.4.2.0:ifix6:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_secure_proxy:3.4.2.0:ifix7:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_secure_proxy:3.4.3.0:*:*:*:*:*:*:*
EPSS
Процентиль: 47%
0.00244
Низкий
6.1 Medium
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
больше 3 лет назад
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information or modify data by leveraging use of HTTP.
EPSS
Процентиль: 47%
0.00244
Низкий
6.1 Medium
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-79