CVE-2016-3025IBM Security Access Manager vulnerability

CWE-2543 documents3 sources
Severity
8.1HIGHNVD
EPSS
0.5%
top 32.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Security Access ManagerIBM Security Access Manager FOR Mobile
Timeline
PublishedNov 25
Latest updateMay 17

Description

IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages1 packages

NVDibm/security_access_manager13 versions+12

🔴Vulnerability Details

2
GHSA
GHSA-hg84-67gc-4chq: IBM Security Access Manager for Mobile 82022-05-17
CVEList
CVE-2016-3025: IBM Security Access Manager for Mobile 82016-11-25
CVE-2016-3025 — IBM vulnerability | cvebase