The product is missing the HTTP Strict Transport Security header. Users can navigate by mistake to the unencrypted version of the web application or accept invalid certificates. This leads to sensitive data being sent unencrypted over the wire.
CVE(s): CVE-2016-9972
Affected product(s) and affected version(s):
· IBM QRadar SIEM 7.2.0 – 7.2.8 Patch 6
· IBM QRadar SIEM 7.3.0 – 7.3.0 Patch 1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2s2KD0D
X-Force Database: http://ift.tt/2sN9B12
The post IBM Security Bulletin: IBM QRadar SIEM is missing HSTS header. (CVE-2016-9972) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2s2wiS4
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.