CVE-2016-3020Improper Access Control in Corporation Access Manager

CWE-284Improper Access Control3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.2%
top 58.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Corporation Access Manager
Timeline
PublishedFeb 7
Latest updateMay 13

Description

IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a page with malicious content.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

CVEListV5ibm_corporation/access_manager17 versions+16

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-8px6-jg7c-h734: IBM Security Access Manager for Web 72022-05-13
CVEList
CVE-2016-3020: IBM Security Access Manager for Web 72017-02-07
CVE-2016-3020 — Improper Access Control | cvebase