CVE-2021-39072: 
IBM Guardium Appliance vulnerability analysis and mitigation

IBM Security Guardium 11.3 was found to contain a vulnerability related to HTTP Strict Transport Security (CVE-2021-39072). The vulnerability was discovered and disclosed in August 2021, affecting IBM Security Guardium versions 11.1 through 11.4. The issue stems from the failure to properly enable HTTP Strict Transport Security (IBM Security Bulletin).

The vulnerability has been assigned a CVSS Base score of 5.9 with the following vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N. The technical issue involves the improper implementation of HTTP Strict Transport Security, which is a security feature designed to protect against protocol downgrade attacks and cookie hijacking (IBM Security Bulletin).

An attacker could potentially exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques. The vulnerability affects the confidentiality of the system, though there is no direct impact on system integrity or availability (IBM Security Bulletin).

IBM has released fixes for all affected versions (11.1 through 11.4) and encourages customers to update their systems promptly. No workarounds or alternative mitigations have been identified for this vulnerability (IBM Security Bulletin).

The vulnerability was identified by members of the IBM X-Force Ethical Hacking Team, including John Zuccato, Rodney Ryan, Chris Shepherd, Nathan Roane, Vince Dragnea, Troy Fisher, Gabor Minyo, Geoffrey Owden, and Ben Goodspeed (IBM Security Bulletin).