8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
IBM Security Access Manager Appliance has addressed the following vulnerabilities.
CVEID: CVE-2016-10142 DESCRIPTION: The IETF IPv6 protocol is vulnerable to a denial of service. By leveraging the generation of IPv6 atomic fragments and using the fragments in an arbitrary IPv6 flow, a remote attacker could exploit this vulnerability to perform any type of a fragmentation-based attack against legacy IPv6 nodes and trigger a kernel panic.
CVSS Base Score: 8.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/124080> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
CVEID: CVE-2017-11176 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a sock pointer not set to NULL in the mq_notify function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/129055> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2015-3331 DESCRIPTION: Linux Kernel, built with the Intel AES-NI instructions for AES algorithm support (CONFIG_CRYPTO_AES_NI_INTEL), is vulnerable to a buffer overflow, caused by improper bounds checking by the RFC4106 GCM mode decryption functionality. By sending fragmented packets using the Intel AES-NI instruction, a remote attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges.
CVSS Base Score: 9.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/103483> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVEID: CVE-2014-2523 DESCRIPTION: Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by an error in the /netfilter/nf_conntrack_proto_dccp.c file. By sending a specially-crafted DCCP packet, an attacker could exploit this vulnerability to corrupt kernel stack memory and execute arbitrary code on the system with kernel privileges.
CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/91910> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Affected IBM Security Access Manager Appliance
|
Affected Versions
—|—
IBM Security Access Manager for Web | 7.0 - 7.0.0.33
IBM Security Access Manager for Web | 8.0 - 8.0.1.7
IBM Security Access Manager for Mobile | 8.0 - 8.0.1.7
| VRMF |APAR|Remediation
—|—|—|—
IBM Security Access Manager for Web | 7.0 - 7.0.0.34 (appliance) | IJ08617 | Apply Interim Fix 35:
7.0.0-ISS-WGA-IF0035
IBM Security Access Manager for Web | 8.0.0.0 -
8.0.1.7 | IJ08672 |
Upgrade to 8.0.1.8:
8.0.1-ISS-WGA-FP0008_ _
IBM Security Access Manager for Mobile | 8.0.0.0 -
8.0.1.7 | IJ08578 |
Upgrade to 8.0.1.8:
8.0.1-ISS-ISAM-FP0008
None.
CPE | Name | Operator | Version |
---|---|---|---|
ibm security access manager appliance | eq | any |
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C