Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMB25B58C5EF7E348D085E116403936447E1EDD8EB416F983B4D77E3AA9FB29FE0
HistoryJun 16, 2018 - 9:48 p.m.

Security Bulletin: IBM Security Access Manager appliances are affected by an information exposure vulnerability (CVE-2016-3021)

2018-06-1621:48:36
www.ibm.com
6

0.0005 Low

EPSS

Percentile

19.1%

JSON

Summary

In certain circumstances, IBM Security Access Manager appliances may generate an error message that includes sensitive information about its environment, users, or associated data.

Vulnerability Details

CVEID: CVE-2016-3021**
DESCRIPTION:** IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request.
CVSS Base Score: 2.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/114466&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Security Access Manager for Web 7.0 appliances, all firmware versions.

IBM Security Access Manager for Web 8.0 appliances, all firmware versions.

IBM Security Access Manager for Mobile 8.0 appliances, all firmware versions.

IBM Security Access Manager 9.0 appliances, all firmware versions.

Remediation/Fixes

IBM has provided patches for all affected versions. Follow the installation instructions in the README files included with the patch.

Product VRMF APAR Remediation
IBM Security Access Manager for Web 7.0 (appliance) IV90720 Apply Interim Fix 28:
7.0.0-ISS-WGA-IF0028
IBM Security Access Manager for Web 8.0.0.0 -
8.0.1.4 IV90688 Upgrade to 8.0.1.5:
8.0.1-ISS-WGA-FP0005
IBM Security Access Manager for Mobile 8.0.0.0 -
8.0.1.4 IV90706 Upgrade to 8.0.1.5:
8.0.1-ISS-ISAM-FP0005
IBM Security Access Manager 9.0 - 9.0.1.0 IV90507 Upgrade to 9.0.2.0:
IBM Security Access Manager V9.0.2 Multiplatform, Multilingual (CRW4EML)

Workarounds and Mitigations

None.

Related

cve 1
nvd 1
prion 1
cvelist 1
cve
cve
CVE-2016-3021
2017-02-01 20:59:00
nvd
nvd
CVE-2016-3021
2017-02-01 20:59:00
prion
prion
Cross site request forgery (csrf)
2017-02-01 20:59:00
cvelist
cvelist
CVE-2016-3021
2017-02-01 20:00:00

0.0005 Low

EPSS

Percentile

19.1%

JSON
Related for B25B58C5EF7E348D085E116403936447E1EDD8EB416F983B4D77E3AA9FB29FE0
cve1nvd1prion1cvelist1