Wednesday, December 28, 2016

IBM Security Bulletin: Vulnerability due to a missing HTTP Strict Transport Security header affects IBM License Metric Tool v9.x and IBM BigFix Inventory v9.x (CVE-2016-8966)

Because the HTTP Strict Transport Security header is missing, an unaware user can mistakenly navigate to the unencrypted version of the web application or accept invalid certificates. This leads to sensitive data being sent unencrypted over the wire.

CVE(s): CVE-2016-8966

Affected product(s) and affected version(s):

IBM License Metric Tool v9.x
IBM BigFix Inventory v9.x

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2ihlE49
X-Force Database: http://ift.tt/2hoDsG0



from IBM Product Security Incident Response Team http://ift.tt/2ihfvEO
