6.1
CVE-2016-6027
- EPSS 0.24%
- Published 06.10.2016 10:59:08
- Last modified 12.04.2025 10:46:40
- Source psirt@us.ibm.com
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information or modify data by leveraging use of HTTP.
Data provided by the National Vulnerability Database (NVD)
IBM ≫ Sterling Secure Proxy Version 3.4.2.0
IBM ≫ Sterling Secure Proxy Version 3.4.2.0 Update ifix1
IBM ≫ Sterling Secure Proxy Version 3.4.2.0 Update ifix2
IBM ≫ Sterling Secure Proxy Version 3.4.2.0 Update ifix3
IBM ≫ Sterling Secure Proxy Version 3.4.2.0 Update ifix4
IBM ≫ Sterling Secure Proxy Version 3.4.2.0 Update ifix5
IBM ≫ Sterling Secure Proxy Version 3.4.2.0 Update ifix6
IBM ≫ Sterling Secure Proxy Version 3.4.2.0 Update ifix7
IBM ≫ Sterling Secure Proxy Version 3.4.3.0
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.24% | 0.448 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 6.1 | 2.8 | 2.7 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
nvd@nist.gov | 5.8 | 8.6 | 4.9 | AV:N/AC:M/Au:N/C:P/I:P/A:N |
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.