What is the severity of CVE-2016-6029?

CVE-2016-6029 is classified as a medium severity vulnerability.

How do I fix CVE-2016-6029?

To fix CVE-2016-6029, ensure that HTTP Strict Transport Security is properly enabled on the affected versions.

Can CVE-2016-6029 lead to data breaches?

Yes, CVE-2016-6029 can potentially allow attackers to obtain sensitive information through man-in-the-middle attacks.

Is there a workaround for CVE-2016-6029?

Currently, the recommended approach is to update the software to ensure HTTP Strict Transport Security is enabled.

Vulnerability/
CVE-2016-6029

medium

5.9

CWE

200

4/8/2017

6/8/2024

CVE-2016-6029: Infoleak

First published: Fri Aug 04 2017(Updated: )

IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 116881.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Emptoris Strategic Supply Management	=10.0.0.0
IBM Emptoris Strategic Supply Management	=10.0.0.1
IBM Emptoris Strategic Supply Management	=10.0.0.2
IBM Emptoris Strategic Supply Management	=10.0.0.3
IBM Emptoris Strategic Supply Management	=10.0.1.0
IBM Emptoris Strategic Supply Management	=10.0.1.1
IBM Emptoris Strategic Supply Management	=10.0.1.2
IBM Emptoris Strategic Supply Management	=10.0.1.3
IBM Emptoris Strategic Supply Management	=10.0.1.4
IBM Emptoris Strategic Supply Management	=10.0.2.0
IBM Emptoris Strategic Supply Management	=10.0.2.1
IBM Emptoris Strategic Supply Management	=10.0.2.2
IBM Emptoris Strategic Supply Management	=10.0.2.3
IBM Emptoris Strategic Supply Management	=10.0.2.4
IBM Emptoris Strategic Supply Management	=10.0.2.5
IBM Emptoris Strategic Supply Management	=10.0.2.6
IBM Emptoris Strategic Supply Management	=10.0.2.7
IBM Emptoris Strategic Supply Management	=10.0.2.8
IBM Emptoris Strategic Supply Management	=10.0.2.9
IBM Emptoris Strategic Supply Management	=10.0.2.10
IBM Emptoris Strategic Supply Management	=10.0.2.11
IBM Emptoris Strategic Supply Management	=10.0.2.12
IBM Emptoris Strategic Supply Management	=10.0.2.13
IBM Emptoris Strategic Supply Management	=10.0.2.14
IBM Emptoris Strategic Supply Management	=10.0.2.15
IBM Emptoris Strategic Supply Management	=10.0.4.0
IBM Emptoris Strategic Supply Management	=10.1.0.0
IBM Emptoris Strategic Supply Management	=10.1.0.1
IBM Emptoris Strategic Supply Management	=10.1.0.2
IBM Emptoris Strategic Supply Management	=10.1.0.3
IBM Emptoris Strategic Supply Management	=10.1.0.4
IBM Emptoris Strategic Supply Management	=10.1.0.5
IBM Emptoris Strategic Supply Management	=10.1.0.6
IBM Emptoris Strategic Supply Management	=10.1.0.7
IBM Emptoris Strategic Supply Management	=10.1.0.8
IBM Emptoris Strategic Supply Management	=10.1.0.9
IBM Emptoris Strategic Supply Management	=10.1.0.10
IBM Emptoris Strategic Supply Management	=10.1.1.0
IBM Emptoris Strategic Supply Management	=10.1.1.1
IBM Emptoris Strategic Supply Management	=10.1.1.2
IBM Emptoris Strategic Supply Management	=10.1.1.3
IBM Emptoris Strategic Supply Management	=10.1.1.4
IBM Emptoris Strategic Supply Management	=10.1.1.5
IBM Emptoris Strategic Supply Management	=10.1.1.6
IBM Emptoris Strategic Supply Management	=10.1.1.7
IBM Emptoris Strategic Supply Management	=10.1.1.8

Remedy

http://www.ibm.com/support/docview.wss?uid=swg22006799

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-6029?
CVE-2016-6029 is classified as a medium severity vulnerability.
How do I fix CVE-2016-6029?
To fix CVE-2016-6029, ensure that HTTP Strict Transport Security is properly enabled on the affected versions.
What versions of IBM Emptoris are affected by CVE-2016-6029?
CVE-2016-6029 affects IBM Emptoris Strategic Supply Management Platform versions 10.0 and 10.1.
Can CVE-2016-6029 lead to data breaches?
Yes, CVE-2016-6029 can potentially allow attackers to obtain sensitive information through man-in-the-middle attacks.
Is there a workaround for CVE-2016-6029?
Currently, the recommended approach is to update the software to ensure HTTP Strict Transport Security is enabled.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/author
agent/severity
agent/remedy
agent/tags
agent/first-publish-date
agent/event
agent/description
agent/source
vendor/ibm
canonical/ibm emptoris strategic supply management
version/ibm emptoris strategic supply management/10.0.0.0
version/ibm emptoris strategic supply management/10.0.0.1
version/ibm emptoris strategic supply management/10.0.0.2
version/ibm emptoris strategic supply management/10.0.0.3
version/ibm emptoris strategic supply management/10.0.1.0
version/ibm emptoris strategic supply management/10.0.1.1
version/ibm emptoris strategic supply management/10.0.1.2
version/ibm emptoris strategic supply management/10.0.1.3
version/ibm emptoris strategic supply management/10.0.1.4
version/ibm emptoris strategic supply management/10.0.2.0
version/ibm emptoris strategic supply management/10.0.2.1
version/ibm emptoris strategic supply management/10.0.2.2
version/ibm emptoris strategic supply management/10.0.2.3
version/ibm emptoris strategic supply management/10.0.2.4
version/ibm emptoris strategic supply management/10.0.2.5
version/ibm emptoris strategic supply management/10.0.2.6
version/ibm emptoris strategic supply management/10.0.2.7
version/ibm emptoris strategic supply management/10.0.2.8
version/ibm emptoris strategic supply management/10.0.2.9
version/ibm emptoris strategic supply management/10.0.2.10
version/ibm emptoris strategic supply management/10.0.2.11
version/ibm emptoris strategic supply management/10.0.2.12
version/ibm emptoris strategic supply management/10.0.2.13
version/ibm emptoris strategic supply management/10.0.2.14
version/ibm emptoris strategic supply management/10.0.2.15
version/ibm emptoris strategic supply management/10.0.4.0
version/ibm emptoris strategic supply management/10.1.0.0
version/ibm emptoris strategic supply management/10.1.0.1
version/ibm emptoris strategic supply management/10.1.0.2
version/ibm emptoris strategic supply management/10.1.0.3
version/ibm emptoris strategic supply management/10.1.0.4
version/ibm emptoris strategic supply management/10.1.0.5
version/ibm emptoris strategic supply management/10.1.0.6
version/ibm emptoris strategic supply management/10.1.0.7
version/ibm emptoris strategic supply management/10.1.0.8
version/ibm emptoris strategic supply management/10.1.0.9
version/ibm emptoris strategic supply management/10.1.0.10
version/ibm emptoris strategic supply management/10.1.1.0
version/ibm emptoris strategic supply management/10.1.1.1
version/ibm emptoris strategic supply management/10.1.1.2
version/ibm emptoris strategic supply management/10.1.1.3
version/ibm emptoris strategic supply management/10.1.1.4
version/ibm emptoris strategic supply management/10.1.1.5
version/ibm emptoris strategic supply management/10.1.1.6
version/ibm emptoris strategic supply management/10.1.1.7
version/ibm emptoris strategic supply management/10.1.1.8

CVE-2016-6029: Infoleak

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-6029?

How do I fix CVE-2016-6029?

What versions of IBM Emptoris are affected by CVE-2016-6029?

Can CVE-2016-6029 lead to data breaches?

Is there a workaround for CVE-2016-6029?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2016-6029?

How do I fix CVE-2016-6029?

What versions of IBM Emptoris are affected by CVE-2016-6029?

Can CVE-2016-6029 lead to data breaches?

Is there a workaround for CVE-2016-6029?