CVE-2016-3046 — SQL Injection in Corporation Access Manager

CWE-89 — SQL Injection3 documents3 sources

Severity

2.7LOWNVD

EPSS

0.1%

top 69.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Corporation Access Manager

Timeline

PublishedFeb 1

Latest updateMay 13

Description

IBM Security Access Manager for Web is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements which could allow the attacker to view information in the back-end database.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages1 packages

▶CVEListV5ibm_corporation/access_manager16 versions+15

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-w4vg-xqpc-cc8m: IBM Security Access Manager for Web is vulnerable to SQL injection↗2022-05-13

▶

CVEList

CVE-2016-3046: IBM Security Access Manager for Web is vulnerable to SQL injection↗2017-02-01

▶