IBM Security Bulletin: IBM QRadar SIEM is missing HSTS header. (CVE-2016-9972)

The product does not send the HTTP Strict Transport Security (HSTS) header. Without it, a browser is never instructed to upgrade connections to HTTPS or to hard-fail on certificate errors, so users can navigate by mistake to the unencrypted version of the web application or accept invalid certificates. This leads to sensitive data being sent unencrypted over the wire.
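A defender checking for this class of finding needs more than "is the header present": the header is ignored by browsers unless it carries a valid max-age, and a short max-age or a missing includeSubDomains leaves gaps. The following added example (not part of the IBM bulletin; the sample header sets are constructed, the one-year baseline is an assumption) evaluates the Strict-Transport-Security header of a response as a client would see it:

```python
"""Evaluate the Strict-Transport-Security header of an HTTPS response.
Added example, not part of the IBM bulletin. Sample header sets are constructed;
the directive names (max-age, includeSubDomains, preload) are those of RFC 6797."""

MIN_MAX_AGE = 31536000  # one-year baseline; an assumption matching common preload guidance


def parse_hsts(value):
    """Split an HSTS header value into {directive_name_lowercase: value}."""
    directives = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        if name:
            directives[name.lower()] = val.strip().strip('"')
    return directives


def check_hsts(headers):
    """Return findings (empty list = acceptable); `headers` maps names in any case to values.
    A missing header is the CVE-2016-9972 condition: the browser never learns to upgrade
    http:// navigations or to hard-fail, rather than prompt, on certificate errors."""
    lowered = {k.lower(): v for k, v in headers.items()}
    raw = lowered.get("strict-transport-security")
    if raw is None:
        return ["Strict-Transport-Security header missing"]
    d = parse_hsts(raw)
    findings = []
    if "max-age" not in d:
        findings.append("max-age directive missing; browsers ignore the header")
    elif not d["max-age"].isdigit():
        findings.append("max-age is not a non-negative integer; header is invalid")
    elif int(d["max-age"]) == 0:
        findings.append("max-age=0 instructs the browser to drop the stored HSTS policy")
    elif int(d["max-age"]) < MIN_MAX_AGE:
        findings.append("max-age %s is below the %d-second baseline" % (d["max-age"], MIN_MAX_AGE))
    if "includesubdomains" not in d:
        findings.append("includeSubDomains absent: subdomains remain reachable over plain HTTP")
    return findings


# Constructed sample responses: header missing, header too weak, header acceptable.
SAMPLES = {
    "missing": {"Content-Type": "text/html", "Server": "Apache"},
    "weak": {"Strict-Transport-Security": "max-age=300"},
    "good": {"strict-transport-security": "max-age=31536000; includeSubDomains; preload"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, check_hsts(hdrs) or "OK")
```

Feed it the header dictionary from a real HTTPS response (for example `dict(resp.headers)` from an HTTP client) to check a deployment after applying the vendor fix.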

CVE(s): CVE-2016-9972

Affected product(s) and affected version(s):

· IBM QRadar SIEM 7.2.0 – 7.2.8 Patch 6

· IBM QRadar SIEM 7.3.0 – 7.3.0 Patch 1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2s2KD0D
X-Force Database: http://ift.tt/2sN9B12

The post IBM Security Bulletin: IBM QRadar SIEM is missing HSTS header. (CVE-2016-9972) appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team http://ift.tt/2s2wiS4