ID
VAR-201702-0366
CVE
CVE-2016-3024
TITLE
IBM Security Access Manager In Web Vulnerability to store pages locally
Trust: 0.8
sources:
JVNDB: JVNDB-2016-007246
DESCRIPTION
IBM Security Access Manager for Web allows web pages to be stored locally which can be read by another user on the system. A local attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. The product enables access management control through integrated appliances for web, mobile and cloud computing
Trust: 1.98
sources:
NVD: CVE-2016-3024 //
JVNDB: JVNDB-2016-007246 //
BID: 96132 //
VULHUB: VHN-91843
AFFECTED PRODUCTS
| vendor: | ibm | model: | security access manager for web 8.0 | scope: | eq | version: | 8.0.0.3 | Trust: 1.6 |
| vendor: | ibm | model: | security access manager for web 8.0 | scope: | eq | version: | 8.0.0.2 | Trust: 1.6 |
| vendor: | ibm | model: | security access manager for mobile 8.0 | scope: | eq | version: | 8.0.0.1 | Trust: 1.6 |
| vendor: | ibm | model: | security access manager for mobile 8.0 | scope: | eq | version: | 8.0.0.3 | Trust: 1.6 |
| vendor: | ibm | model: | security access manager for web 8.0 | scope: | eq | version: | 8.0.1.2 | Trust: 1.6 |
| vendor: | ibm | model: | security access manager for web 8.0 | scope: | eq | version: | 8.0.0.5 | Trust: 1.6 |
| vendor: | ibm | model: | security access manager for mobile 8.0 | scope: | eq | version: | 8.0.0.2 | Trust: 1.6 |
| vendor: | ibm | model: | security access manager 9.0 | scope: | eq | version: | 9.0.0 | Trust: 1.6 |
| vendor: | ibm | model: | security access manager for web 8.0 | scope: | eq | version: | 8.0.1.0 | Trust: 1.6 |
| vendor: | ibm | model: | security access manager for web 8.0 | scope: | eq | version: | 8.0.0.1 | Trust: 1.6 |
| vendor: | ibm | model: | security access manager for mobile 8.0 | scope: | eq | version: | 8.0.1.2 | Trust: 1.0 |
| vendor: | ibm | model: | security access manager 9.0 | scope: | eq | version: | 9.0.1.0 | Trust: 1.0 |
| vendor: | ibm | model: | security access manager 9.0 | scope: | eq | version: | 9.0.0.1 | Trust: 1.0 |
| vendor: | ibm | model: | security access manager for mobile 8.0 | scope: | eq | version: | 8.0.1.4 | Trust: 1.0 |
| vendor: | ibm | model: | security access manager for mobile 8.0 | scope: | eq | version: | 8.0.1.0 | Trust: 1.0 |
| vendor: | ibm | model: | security access manager for mobile 8.0 | scope: | eq | version: | 8.0.0.5 | Trust: 1.0 |
| vendor: | ibm | model: | security access manager for web 8.0 | scope: | eq | version: | 8.0.1.3 | Trust: 1.0 |
| vendor: | ibm | model: | security access manager for mobile 8.0 | scope: | eq | version: | 8.0.1.3 | Trust: 1.0 |
| vendor: | ibm | model: | security access manager for web 8.0 | scope: | eq | version: | 8.0.1.4 | Trust: 1.0 |
| vendor: | ibm | model: | security access manager for mobile the appliance | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | security access manager for mobile software | scope: | eq | version: | 8.0 | Trust: 0.8 |
| vendor: | ibm | model: | security access manager for web the appliance | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | security access manager for web software | scope: | eq | version: | 8.0 | Trust: 0.8 |
| vendor: | ibm | model: | security access manager the appliance | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | security access manager software | scope: | eq | version: | 9.0 | Trust: 0.8 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.03 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.02 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.0.1.4 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.0.1.3 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.0.1.2 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.0.1.1 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.0.1.0 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.0.0.5 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.0.0.4 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.0.0.0 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0.1 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0.1.4 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0.1.3 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0.1.2 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0.1.1 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0.0.5 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0.0.4 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0.0.3 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0.0.2 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0.0.1 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager | scope: | eq | version: | 9.0.1.0 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager | scope: | eq | version: | 9.0.0.1 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager | scope: | eq | version: | 9.0 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | ne | version: | 8.0.1.5 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | ne | version: | 8.0.1.5 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager | scope: | ne | version: | 9.0.2.0 | Trust: 0.3 |
sources:
BID: 96132 //
JVNDB: JVNDB-2016-007246 //
CNNVD: CNNVD-201702-059 //
NVD: CVE-2016-3024
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
VULHUB: VHN-91843 //
JVNDB: JVNDB-2016-007246 //
CNNVD: CNNVD-201702-059 //
NVD: CVE-2016-3024
PROBLEMTYPE DATA
| problemtype: | CWE-200 | Trust: 1.9 |
sources:
VULHUB: VHN-91843 //
JVNDB: JVNDB-2016-007246 //
NVD: CVE-2016-3024
THREAT TYPE
local
Trust: 0.9
sources:
BID: 96132 //
CNNVD: CNNVD-201702-059
TYPE
information disclosure
Trust: 0.6
sources:
CNNVD: CNNVD-201702-059
CONFIGURATIONS
sources:
JVNDB: JVNDB-2016-007246
PATCH
| title: | 1995340 | url: | http://www-01.ibm.com/support/docview.wss?uid=swg21995340 | Trust: 0.8 |
| title: | IBM Security Access Manager Security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67445 | Trust: 0.6 |
sources:
JVNDB: JVNDB-2016-007246 //
CNNVD: CNNVD-201702-059
EXTERNAL IDS
| db: | NVD | id: | CVE-2016-3024 | Trust: 2.8 |
| db: | BID | id: | 96132 | Trust: 2.0 |
| db: | JVNDB | id: | JVNDB-2016-007246 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201702-059 | Trust: 0.7 |
| db: | VULHUB | id: | VHN-91843 | Trust: 0.1 |
sources:
VULHUB: VHN-91843 //
BID: 96132 //
JVNDB: JVNDB-2016-007246 //
CNNVD: CNNVD-201702-059 //
NVD: CVE-2016-3024
REFERENCES
| url: | http://www.securityfocus.com/bid/96132 | Trust: 1.7 |
| url: | http://www.ibm.com/support/docview.wss?uid=swg21995340 | Trust: 1.7 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3024 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3024 | Trust: 0.8 |
| url: | http://www-03.ibm.com/software/products/en/access-mgr-mobile | Trust: 0.3 |
| url: | http://www-03.ibm.com/software/products/en/access-mgr-web | Trust: 0.3 |
| url: | http://www-01.ibm.com/support/docview.wss?uid=swg21995340 | Trust: 0.3 |
sources:
VULHUB: VHN-91843 //
BID: 96132 //
JVNDB: JVNDB-2016-007246 //
CNNVD: CNNVD-201702-059 //
NVD: CVE-2016-3024
CREDITS
IBM X-Force Ethical Hacking Team
Trust: 0.3
sources:
BID: 96132
SOURCES
| db: | VULHUB | id: | VHN-91843 |
| db: | BID | id: | 96132 |
| db: | JVNDB | id: | JVNDB-2016-007246 |
| db: | CNNVD | id: | CNNVD-201702-059 |
| db: | NVD | id: | CVE-2016-3024 |
LAST UPDATE DATE
2024-11-23T22:34:45.905000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-91843 | date: | 2020-10-27T00:00:00 |
| db: | BID | id: | 96132 | date: | 2017-03-07T03:02:00 |
| db: | JVNDB | id: | JVNDB-2016-007246 | date: | 2017-02-16T00:00:00 |
| db: | CNNVD | id: | CNNVD-201702-059 | date: | 2020-10-28T00:00:00 |
| db: | NVD | id: | CVE-2016-3024 | date: | 2024-11-21T02:49:13.053 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-91843 | date: | 2017-02-01T00:00:00 |
| db: | BID | id: | 96132 | date: | 2017-02-08T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-007246 | date: | 2017-02-16T00:00:00 |
| db: | CNNVD | id: | CNNVD-201702-059 | date: | 2017-02-06T00:00:00 |
| db: | NVD | id: | CVE-2016-3024 | date: | 2017-02-01T20:59:00.613 |