CVE-2016-3045

CWE-200Information Exposure3 documents3 sources
Severity
3.7LOW
EPSS
0.2%
top 59.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
IBM Corporation Access ManagerIBM Security Access ManagerIBM Security Access Manager FOR Mobile+1 more
Timeline
PublishedFeb 1
Latest updateMay 17

Description

IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages2 packages

NVDibm/security_access_manager12 versions+11
CVEListV5ibm_corporation/access_manager16 versions+15

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-q8q4-fh2x-97q3: IBM Security Access Manager for Web stores sensitive information in URL parameters2022-05-17
CVEList
CVE-2016-3045: IBM Security Access Manager for Web stores sensitive information in URL parameters2017-02-01
CVE-2016-3045 (LOW CVSS 3.7) | IBM Security Access Manager for Web | cvebase.io