CVE-2016-3016

CWE-3454 documents4 sources

Severity

4.4MEDIUM

EPSS

0.1%

top 75.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Corporation Access Manager IBM Security Access Manager 9.0 Firmware IBM Security Access Manager FOR Mobile 8.0 Firmware +2 more

Timeline

PublishedFeb 1

Latest updateMay 13

Description

IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 0.7 | Impact: 3.6

Affected Packages3 packages

▶NVDibm/security_access_manager24 versions+23

▶NVDibm/security_access_manager_9.0_firmware9.0.0, 9.0.0.1, 9.0.1.0+2

▶CVEListV5ibm_corporation/access_manager16 versions+15

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-prq3-j8m2-5xg7: IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the↗2022-05-13

▶

CVEList

CVE-2016-3016: IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the↗2017-02-01

▶

OSV

linux-lts-xenial vulnerabilities↗2016-06-27

▶