ID
VAR-201702-0180
CVE
CVE-2016-3016
TITLE
IBM Security Access Manager Vulnerable to malicious code loading
Trust: 0.8
sources:
JVNDB: JVNDB-2016-007240
DESCRIPTION
IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code. Multiple IBM Products are prone to a security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. IBM Security Access Manager is a product applied to information security management of IBM Corporation in the United States. The product enables access management control through integrated appliances for web, mobile and cloud computing. A security vulnerability exists in IBM Security Access Manager. Attackers can exploit this vulnerability to upload malicious code. The following versions are affected: IBM Security Access Manager for Web versions 7.0 and 8.0, Security Access Manager for Mobile version 8.0, Security Access Manager version 9.0
Trust: 1.98
sources:
NVD: CVE-2016-3016 //
JVNDB: JVNDB-2016-007240 //
BID: 96362 //
VULHUB: VHN-91835
AFFECTED PRODUCTS
| vendor: | ibm | model: | security access manager for web 7.0 | scope: | eq | version: | 7.0.0.12 | Trust: 1.6 |
| vendor: | ibm | model: | security access manager for web 7.0 | scope: | eq | version: | 7.0.0.2 | Trust: 1.6 |
| vendor: | ibm | model: | security access manager for web 7.0 | scope: | eq | version: | 7.0.0.11 | Trust: 1.6 |
| vendor: | ibm | model: | security access manager for web 7.0 | scope: | eq | version: | 7.0.0.3 | Trust: 1.6 |
| vendor: | ibm | model: | security access manager for web 7.0 | scope: | eq | version: | 7.0.0.15 | Trust: 1.6 |
| vendor: | ibm | model: | security access manager for web 7.0 | scope: | eq | version: | 7.0.0.13 | Trust: 1.6 |
| vendor: | ibm | model: | security access manager for web 7.0 | scope: | eq | version: | 7.0.0.14 | Trust: 1.6 |
| vendor: | ibm | model: | security access manager for web 7.0 | scope: | eq | version: | 7.0.0.1 | Trust: 1.6 |
| vendor: | ibm | model: | security access manager for web 7.0 | scope: | eq | version: | 7.0.0.16 | Trust: 1.6 |
| vendor: | ibm | model: | security access manager for web 7.0 | scope: | eq | version: | 7.0.0.10 | Trust: 1.6 |
| vendor: | ibm | model: | security access manager for mobile 8.0 | scope: | eq | version: | 8.0.1.2 | Trust: 1.0 |
| vendor: | ibm | model: | security access manager 9.0 | scope: | eq | version: | 9.0.1.0 | Trust: 1.0 |
| vendor: | ibm | model: | security access manager for web 7.0 | scope: | eq | version: | 7.0.0.6 | Trust: 1.0 |
| vendor: | ibm | model: | security access manager for web 8.0 | scope: | eq | version: | 8.0.1.0 | Trust: 1.0 |
| vendor: | ibm | model: | security access manager for web 8.0 | scope: | eq | version: | 8.0.0.3 | Trust: 1.0 |
| vendor: | ibm | model: | security access manager for mobile 8.0 | scope: | eq | version: | 8.0.0.1 | Trust: 1.0 |
| vendor: | ibm | model: | security access manager 9.0 | scope: | eq | version: | 9.0.0.1 | Trust: 1.0 |
| vendor: | ibm | model: | security access manager 9.0 | scope: | eq | version: | 9.0.0 | Trust: 1.0 |
| vendor: | ibm | model: | security access manager for mobile 8.0 | scope: | eq | version: | 8.0.1.4 | Trust: 1.0 |
| vendor: | ibm | model: | security access manager for mobile 8.0 | scope: | eq | version: | 8.0.1.0 | Trust: 1.0 |
| vendor: | ibm | model: | security access manager for web 8.0 | scope: | eq | version: | 8.0.0.5 | Trust: 1.0 |
| vendor: | ibm | model: | security access manager for web 7.0 | scope: | eq | version: | 7.0.0.7 | Trust: 1.0 |
| vendor: | ibm | model: | security access manager for mobile 8.0 | scope: | eq | version: | 8.0.0.3 | Trust: 1.0 |
| vendor: | ibm | model: | security access manager for web 7.0 | scope: | eq | version: | 7.0.0.8 | Trust: 1.0 |
| vendor: | ibm | model: | security access manager for web 8.0 | scope: | eq | version: | 8.0.0.2 | Trust: 1.0 |
| vendor: | ibm | model: | security access manager for mobile 8.0 | scope: | eq | version: | 8.0.0.5 | Trust: 1.0 |
| vendor: | ibm | model: | security access manager for web 8.0 | scope: | eq | version: | 8.0.1.3 | Trust: 1.0 |
| vendor: | ibm | model: | security access manager for web 7.0 | scope: | eq | version: | 7.0.0.4 | Trust: 1.0 |
| vendor: | ibm | model: | security access manager for web 8.0 | scope: | eq | version: | 8.0.1.2 | Trust: 1.0 |
| vendor: | ibm | model: | security access manager for mobile 8.0 | scope: | eq | version: | 8.0.0.2 | Trust: 1.0 |
| vendor: | ibm | model: | security access manager for web 7.0 | scope: | eq | version: | 7.0.0.5 | Trust: 1.0 |
| vendor: | ibm | model: | security access manager for mobile 8.0 | scope: | eq | version: | 8.0.1.3 | Trust: 1.0 |
| vendor: | ibm | model: | security access manager for web 7.0 | scope: | eq | version: | 7.0.0.9 | Trust: 1.0 |
| vendor: | ibm | model: | security access manager for web 8.0 | scope: | eq | version: | 8.0.0.1 | Trust: 1.0 |
| vendor: | ibm | model: | security access manager for web 8.0 | scope: | eq | version: | 8.0.1.4 | Trust: 1.0 |
| vendor: | ibm | model: | security access manager for mobile the appliance | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | security access manager for mobile software | scope: | eq | version: | 8.0 | Trust: 0.8 |
| vendor: | ibm | model: | security access manager for web the appliance | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | security access manager for web software | scope: | eq | version: | 7.0 | Trust: 0.8 |
| vendor: | ibm | model: | security access manager for web software | scope: | eq | version: | 8.0 | Trust: 0.8 |
| vendor: | ibm | model: | security access manager the appliance | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | security access manager software | scope: | eq | version: | 9.0 | Trust: 0.8 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.0.1 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.03 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.02 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.0.1.5 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.0.1.4 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.0.1.3 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.0.1.2 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.0.1.1 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.0.1.0 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.0.0.5 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.0.0.4 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.0.0.0 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.0 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 7.0.0.9 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 7.0.0.8 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 7.0.0.7 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 7.0.0.6 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 7.0.0.5 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 7.0.0.4 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 7.0.0.3 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 7.0.0.20 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 7.0.0.2 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 7.0.0.19 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 7.0.0.18 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 7.0.0.17 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 7.0.0.16 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 7.0.0.15 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 7.0.0.14 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 7.0.0.13 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 7.0.0.12 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 7.0.0.11 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 7.0.0.10 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 7.0.0.1 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 7.0 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0.1 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0.1.5 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0.1.4 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0.1.3 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0.1.2 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0.1.1 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0.0.5 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0.0.4 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0.0.3 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0.0.2 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0.0.1 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0.0.0 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager | scope: | eq | version: | 9.0.2.0 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager | scope: | eq | version: | 9.0.1.0 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager | scope: | eq | version: | 9.0.0.1 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager | scope: | eq | version: | 9.0 | Trust: 0.3 |
sources:
BID: 96362 //
JVNDB: JVNDB-2016-007240 //
CNNVD: CNNVD-201702-065 //
NVD: CVE-2016-3016
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
VULHUB: VHN-91835 //
JVNDB: JVNDB-2016-007240 //
CNNVD: CNNVD-201702-065 //
NVD: CVE-2016-3016
PROBLEMTYPE DATA
| problemtype: | CWE-345 | Trust: 1.9 |
sources:
VULHUB: VHN-91835 //
JVNDB: JVNDB-2016-007240 //
NVD: CVE-2016-3016
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201702-065
TYPE
data forgery
Trust: 0.6
sources:
CNNVD: CNNVD-201702-065
CONFIGURATIONS
sources:
JVNDB: JVNDB-2016-007240
PATCH
| title: | 1995518 | url: | http://www-01.ibm.com/support/docview.wss?uid=swg21995518 | Trust: 0.8 |
| title: | IBM Security Access Manager Security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67451 | Trust: 0.6 |
sources:
JVNDB: JVNDB-2016-007240 //
CNNVD: CNNVD-201702-065
EXTERNAL IDS
| db: | NVD | id: | CVE-2016-3016 | Trust: 2.8 |
| db: | JVNDB | id: | JVNDB-2016-007240 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201702-065 | Trust: 0.7 |
| db: | BID | id: | 96362 | Trust: 0.4 |
| db: | VULHUB | id: | VHN-91835 | Trust: 0.1 |
sources:
VULHUB: VHN-91835 //
BID: 96362 //
JVNDB: JVNDB-2016-007240 //
CNNVD: CNNVD-201702-065 //
NVD: CVE-2016-3016
REFERENCES
| url: | http://www.ibm.com/support/docview.wss?uid=swg21995518 | Trust: 1.7 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3016 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3016 | Trust: 0.8 |
| url: | http://www.ibm.com/ | Trust: 0.3 |
| url: | http://www-01.ibm.com/support/docview.wss?uid=swg21995518 | Trust: 0.3 |
sources:
VULHUB: VHN-91835 //
BID: 96362 //
JVNDB: JVNDB-2016-007240 //
CNNVD: CNNVD-201702-065 //
NVD: CVE-2016-3016
CREDITS
IBM X-Force Ethical Hacking Team: Paul Ionescu, Warren Moynihan, Jonathan Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitryi Beryoza.
Trust: 0.3
sources:
BID: 96362
SOURCES
| db: | VULHUB | id: | VHN-91835 |
| db: | BID | id: | 96362 |
| db: | JVNDB | id: | JVNDB-2016-007240 |
| db: | CNNVD | id: | CNNVD-201702-065 |
| db: | NVD | id: | CVE-2016-3016 |
LAST UPDATE DATE
2024-11-23T22:49:08.876000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-91835 | date: | 2020-10-27T00:00:00 |
| db: | BID | id: | 96362 | date: | 2017-03-07T02:06:00 |
| db: | JVNDB | id: | JVNDB-2016-007240 | date: | 2017-02-16T00:00:00 |
| db: | CNNVD | id: | CNNVD-201702-065 | date: | 2020-10-28T00:00:00 |
| db: | NVD | id: | CVE-2016-3016 | date: | 2024-11-21T02:49:12.020 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-91835 | date: | 2017-02-01T00:00:00 |
| db: | BID | id: | 96362 | date: | 2017-02-01T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-007240 | date: | 2017-02-16T00:00:00 |
| db: | CNNVD | id: | CNNVD-201702-065 | date: | 2017-02-06T00:00:00 |
| db: | NVD | id: | CVE-2016-3016 | date: | 2017-02-01T20:59:00.427 |