CVE-2017-1476

Name of the Vulnerable Software and Affected Versions: IBM Security Access Manager Appliance versions 7.0.0 IBM Security Access Manager Appliance versions 8.0.0 through 8.0.1.6 IBM Security Access Manager Appliance versions 9.0.0 through 9.0.3.1

Description: The issue is caused by the failure to properly enable HTTP Strict Transport Security, allowing a remote attacker to obtain sensitive information. An attacker could exploit this to obtain sensitive information using man-in-the-middle techniques.

Recommendations: For version 7.0.0, enable HTTP Strict Transport Security to prevent man-in-the-middle attacks. For versions 8.0.0 through 8.0.1.6, enable HTTP Strict Transport Security to prevent man-in-the-middle attacks. For versions 9.0.0 through 9.0.3.1, enable HTTP Strict Transport Security to prevent man-in-the-middle attacks.