The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 prior to 3.4.2.0 iFix 8 and 3.4.3 prior to 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remote malicious users to obtain sensitive information or modify data by leveraging use of HTTP.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm sterling secure proxy 3.4.3.0 |
||
ibm sterling secure proxy 3.4.2.0 |