Home Unlabelled IBM Security Bulletin: IBM QRadar SIEM is missing HSTS header. (CVE-2016-9972)

IBM Security Bulletin: IBM QRadar SIEM is missing HSTS header. (CVE-2016-9972)

By
Saturday, June 24, 2017
Read
Add Comment

The product is missing the HTTP Strict Transport Security header. Users can navigate by mistake to the unencrypted version of the web application or accept invalid certificates. This leads to sensitive data being sent unencrypted over the wire.

CVE(s): CVE-2016-9972

Affected product(s) and affected version(s):

· IBM QRadar SIEM 7.2.0 – 7.2.8 Patch 6

· IBM QRadar SIEM 7.3.0 – 7.3.0 Patch 1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2s2KD0D
X-Force Database: http://ift.tt/2sN9B12

The post IBM Security Bulletin: IBM QRadar SIEM is missing HSTS header. (CVE-2016-9972) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2s2wiS4
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us