History: Jun 16, 2018 - 9:45 p.m.

Security Bulletin: IBM Security Access Manager appliances use some weak cryptographic algorithms for stash file encryption (CVE-2016-3019)

2018-06-16 21:45:12
www.ibm.com

EPSS: 0.001
Percentile: 44.0%

Summary

IBM Security Access Manager appliances use password stash files, which may be encrypted using a weak encryption algorithm.

Vulnerability Details

CVEID: CVE-2016-3019
DESCRIPTION: IBM Security Access Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114462 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

IBM Security Access Manager 9.0, all firmware versions

Remediation/Fixes

Product | VRMF | APAR | Remediation
—|—|—|—
IBM Security Access Manager | 9.0 - 9.0.2.0, 9.0.3.0 | IV92169 | 1. For releases prior to ISAM 9.0.3.0, upgrade to 9.0.3.0: IBM Security Access Manager V9.0.3 Multiplatform, Multilingual (CRW4EML). 2. Apply 9.0.3.0 IF0001: 9.0.3.0-ISS-ISAM-IF0001

Workarounds and Mitigations

None.
