CVE-2016-0238

LOW

IBM Security Guardium <10.2 - Info Disclosure

Title source: llm
STIX 2.1

Description

IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits sensitive data in cleartext in the query of the request. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 110409

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/99379
Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg21989124

Scores

CVSS v3 3.7
EPSS 0.0094
EPSS Percentile 56.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (12)
IBM/Security Guardium 10.0
IBM/Security Guardium 10.1
IBM/Security Guardium 10.1.2
IBM/Security Guardium 9.0
IBM/Security Guardium 9.1
IBM/Security Guardium 9.5
ibm/security_guardium 9.0
ibm/security_guardium 9.1
ibm/security_guardium 9.5
ibm/security_guardium 10.0
... and 2 more
Published Jul 05, 2017
Tracked Since Feb 18, 2026