VYPR
Low severity 3.7 · NVD Advisory · Published Sep 26, 2016 · Updated May 6, 2026

CVE-2016-0248

Description

IBM Security Guardium transmits query parameters in SSL requests, allowing MITM attackers to intercept sensitive data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The vulnerability exists in IBM Security Guardium versions 9.0 before p700 and 10.0 before p100. It transmits query parameters in SSL requests without proper protection, enabling man-in-the-middle attackers to capture sensitive information from SSL sessions via unspecified vectors [1].

Exploitation

An attacker with network access to the communication path between the Guardium client and server can perform a man-in-the-middle attack. No authentication is required, but the attacker must be able to intercept and decrypt SSL traffic (e.g., by using a rogue certificate or exploiting weak cipher suites). The exact exploitation steps are not detailed, but the attack leverages the transmission of query parameters in plaintext within the SSL session [1].

Impact

Successful exploitation allows the attacker to obtain sensitive query-string information, leading to limited confidentiality impact (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). The attacker gains no write or execution capabilities; the impact is limited to disclosure of data passed in query strings [1].

Mitigation

IBM released fixes: p700 for version 9.0 and p100 for version 10.0. Users should upgrade to these or later versions. No workarounds are available. The vulnerability is not listed on CISA's KEV [1].

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3
  • cpe:2.3:a:ibm:security_guardium:10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:security_guardium:9.0:*:*:*:*:*:*:*
  • (no CPE) range: 9.0 before p700, 10.0 before p100

References

2
