Lucene search

[email protected]CVE-2016-3022

HistoryFeb 01, 2017 - 8:59 p.m.

CVE-2016-3022

2017-02-0120:59:00

CWE-275

[email protected]

web.nvd.nist.gov

cve-2016-3022

ibm

security access manager

web

authentication

file permissions

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

23.4%

JSON

IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions.

Affected configurations

Vulners

NVD

Node

ibm_corporationaccess_managerMatch9.0

ibm_corporationaccess_managerMatch9.0.0.1

ibm_corporationaccess_managerMatch9.0.1

ibm_corporationaccess_managerMatch7.0.0

ibm_corporationaccess_managerMatch8.0.0

ibm_corporationaccess_managerMatch8.0.0.1

ibm_corporationaccess_managerMatch8.0.0.2

ibm_corporationaccess_managerMatch8.0.0.3

ibm_corporationaccess_managerMatch8.0.0.4

ibm_corporationaccess_managerMatch8.0.0.5

ibm_corporationaccess_managerMatch8.0.1

ibm_corporationaccess_managerMatch8.0.1.2

ibm_corporationaccess_managerMatch8.0.1.3

ibm_corporationaccess_managerMatch8.0.1.4

ibm_corporationaccess_managerMatch9.0.0

ibm_corporationaccess_managerMatch9.0.1.0

CPENameOperatorVersion
ibm:security_access_manager_9.0_firmwareibm security access manager 9.0 firmwareeq9.0.0
ibm:security_access_manager_9.0_firmwareibm security access manager 9.0 firmwareeq9.0.0.1
ibm:security_access_manager_9.0_firmwareibm security access manager 9.0 firmwareeq9.0.1.0
ibm:security_access_manager_for_mobile_8.0_firmwareibm security access manager for mobile 8.0 firmwareeq8.0.0.1
ibm:security_access_manager_for_mobile_8.0_firmwareibm security access manager for mobile 8.0 firmwareeq8.0.0.2
ibm:security_access_manager_for_mobile_8.0_firmwareibm security access manager for mobile 8.0 firmwareeq8.0.0.3
ibm:security_access_manager_for_mobile_8.0_firmwareibm security access manager for mobile 8.0 firmwareeq8.0.0.5
ibm:security_access_manager_for_mobile_8.0_firmwareibm security access manager for mobile 8.0 firmwareeq8.0.1.0
ibm:security_access_manager_for_mobile_8.0_firmwareibm security access manager for mobile 8.0 firmwareeq8.0.1.2
ibm:security_access_manager_for_mobile_8.0_firmwareibm security access manager for mobile 8.0 firmwareeq8.0.1.3

CPE	Name	Operator	Version
ibm:security_access_manager_9.0_firmware	ibm security access manager 9.0 firmware	eq	9.0.0
ibm:security_access_manager_9.0_firmware	ibm security access manager 9.0 firmware	eq	9.0.0.1
ibm:security_access_manager_9.0_firmware	ibm security access manager 9.0 firmware	eq	9.0.1.0
ibm:security_access_manager_for_mobile_8.0_firmware	ibm security access manager for mobile 8.0 firmware	eq	8.0.0.1
ibm:security_access_manager_for_mobile_8.0_firmware	ibm security access manager for mobile 8.0 firmware	eq	8.0.0.2
ibm:security_access_manager_for_mobile_8.0_firmware	ibm security access manager for mobile 8.0 firmware	eq	8.0.0.3
ibm:security_access_manager_for_mobile_8.0_firmware	ibm security access manager for mobile 8.0 firmware	eq	8.0.0.5
ibm:security_access_manager_for_mobile_8.0_firmware	ibm security access manager for mobile 8.0 firmware	eq	8.0.1.0
ibm:security_access_manager_for_mobile_8.0_firmware	ibm security access manager for mobile 8.0 firmware	eq	8.0.1.2
ibm:security_access_manager_for_mobile_8.0_firmware	ibm security access manager for mobile 8.0 firmware	eq	8.0.1.3

Rows per page:

1-10 of 351

CNA Affected

[
  {
    "product": "Access Manager",
    "vendor": "IBM Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "9.0"
      },
      {
        "status": "affected",
        "version": "9.0.0.1"
      },
      {
        "status": "affected",
        "version": "9.0.1"
      },
      {
        "status": "affected",
        "version": "7.0.0"
      },
      {
        "status": "affected",
        "version": "8.0.0"
      },
      {
        "status": "affected",
        "version": "8.0.0.1"
      },
      {
        "status": "affected",
        "version": "8.0.0.2"
      },
      {
        "status": "affected",
        "version": "8.0.0.3"
      },
      {
        "status": "affected",
        "version": "8.0.0.4"
      },
      {
        "status": "affected",
        "version": "8.0.0.5"
      },
      {
        "status": "affected",
        "version": "8.0.1"
      },
      {
        "status": "affected",
        "version": "8.0.1.2"
      },
      {
        "status": "affected",
        "version": "8.0.1.3"
      },
      {
        "status": "affected",
        "version": "8.0.1.4"
      },
      {
        "status": "affected",
        "version": "9.0.0"
      },
      {
        "status": "affected",
        "version": "9.0.1.0"
      }
    ]
  }
]

References

www.ibm.com/support/docview.wss?uid=swg21995360

www.securityfocus.com/bid/96130

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

23.4%

JSON

Related for CVE-2016-3022

ibm1 prion1 nvd1 cvelist1