Details of VAR-201702-0371

ID

VAR-201702-0371

CVE

CVE-2016-3043

TITLE

IBM Security Access Manager Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2016-007350

DESCRIPTION

IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM Security Access Manager is prone to an information-disclosure vulnerability. Successful exploits will lead to other attacks. There are information disclosure vulnerabilities in many ISAM products

Trust: 1.98

sources: NVD: CVE-2016-3043 // JVNDB: JVNDB-2016-007350 // BID: 95107 // VULHUB: VHN-91862

AFFECTED PRODUCTS

vendor:	ibm	model:	security access manager 9.0	scope:	eq	version:	*	Trust: 1.0
vendor:	ibm	model:	security access manager for mobile	scope:	eq	version:	*	Trust: 1.0
vendor:	ibm	model:	security access manager for web 8.0	scope:	eq	version:	*	Trust: 1.0
vendor:	ibm	model:	security access manager for web 7.0	scope:	eq	version:	*	Trust: 1.0
vendor:	ibm	model:	security access manager for mobile the appliance	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	security access manager for mobile software	scope:	eq	version:	8.0	Trust: 0.8
vendor:	ibm	model:	security access manager for web the appliance	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	security access manager for web software	scope:	eq	version:	7.0	Trust: 0.8
vendor:	ibm	model:	security access manager for web software	scope:	eq	version:	8.0	Trust: 0.8
vendor:	ibm	model:	security access manager the appliance	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	security access manager software	scope:	eq	version:	9.0	Trust: 0.8
vendor:	ibm	model:	security access manager for mobile	scope:	-	version:	-	Trust: 0.6
vendor:	ibm	model:	security access manager for web 7.0	scope:	-	version:	-	Trust: 0.6
vendor:	ibm	model:	security access manager for web 8.0	scope:	-	version:	-	Trust: 0.6
vendor:	ibm	model:	security access manager 9.0	scope:	-	version:	-	Trust: 0.6
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	8.0.1	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	8.03	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	8.02	Trust: 0.3
vendor:	ibm	model:	security access manager for web fp19	scope:	eq	version:	7.0	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	8.0.1.4	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	8.0.1.3	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	8.0.1.2	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	8.0.1.1	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	8.0.1.0	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	8.0.0.5	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	8.0.0.4	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	8.0.0.0	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	8.0	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.9	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.8	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.7	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.6	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.5	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.4	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.3	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.20	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.2	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.19	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.18	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.17	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.16	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.15	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.14	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.13	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.12	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.11	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.10	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.1	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0	Trust: 0.3
vendor:	ibm	model:	security access manager for mobile	scope:	eq	version:	8.0.1	Trust: 0.3
vendor:	ibm	model:	security access manager for mobile	scope:	eq	version:	8.0.1.4	Trust: 0.3
vendor:	ibm	model:	security access manager for mobile	scope:	eq	version:	8.0.1.3	Trust: 0.3
vendor:	ibm	model:	security access manager for mobile	scope:	eq	version:	8.0.1.2	Trust: 0.3
vendor:	ibm	model:	security access manager for mobile	scope:	eq	version:	8.0.1.1	Trust: 0.3
vendor:	ibm	model:	security access manager for mobile	scope:	eq	version:	8.0.0.5	Trust: 0.3
vendor:	ibm	model:	security access manager for mobile	scope:	eq	version:	8.0.0.4	Trust: 0.3
vendor:	ibm	model:	security access manager for mobile	scope:	eq	version:	8.0.0.3	Trust: 0.3
vendor:	ibm	model:	security access manager for mobile	scope:	eq	version:	8.0.0.2	Trust: 0.3
vendor:	ibm	model:	security access manager for mobile	scope:	eq	version:	8.0.0.1	Trust: 0.3
vendor:	ibm	model:	security access manager for mobile	scope:	eq	version:	8.0.0.0	Trust: 0.3
vendor:	ibm	model:	security access manager for mobile	scope:	eq	version:	8.0	Trust: 0.3
vendor:	ibm	model:	security access manager	scope:	eq	version:	9.0.1.0	Trust: 0.3
vendor:	ibm	model:	security access manager	scope:	eq	version:	9.0.0.1	Trust: 0.3
vendor:	ibm	model:	security access manager	scope:	eq	version:	9.0	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	ne	version:	8.0.1.5	Trust: 0.3
vendor:	ibm	model:	security access manager for mobile	scope:	ne	version:	8.0.1.5	Trust: 0.3
vendor:	ibm	model:	security access manager	scope:	ne	version:	9.0.2.0	Trust: 0.3

sources: BID: 95107 // JVNDB: JVNDB-2016-007350 // CNNVD: CNNVD-201612-743 // NVD: CVE-2016-3043

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-3043
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-3043
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201612-743
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-91862
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-3043
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-91862
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-3043
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-91862 // JVNDB: JVNDB-2016-007350 // CNNVD: CNNVD-201612-743 // NVD: CVE-2016-3043

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-91862 // JVNDB: JVNDB-2016-007350 // NVD: CVE-2016-3043

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-743

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201612-743

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007350

PATCH

title:	1995446	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21995446	Trust: 0.8
title:	Multiple IBM Security Access Manager Product information disclosure vulnerability repair measures	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66702	Trust: 0.6

sources: JVNDB: JVNDB-2016-007350 // CNNVD: CNNVD-201612-743

EXTERNAL IDS

db:	NVD	id:	CVE-2016-3043	Trust: 2.8
db:	BID	id:	95107	Trust: 2.0
db:	JVNDB	id:	JVNDB-2016-007350	Trust: 0.8
db:	CNNVD	id:	CNNVD-201612-743	Trust: 0.7
db:	VULHUB	id:	VHN-91862	Trust: 0.1

sources: VULHUB: VHN-91862 // BID: 95107 // JVNDB: JVNDB-2016-007350 // CNNVD: CNNVD-201612-743 // NVD: CVE-2016-3043

REFERENCES

url:	http://www.securityfocus.com/bid/95107	Trust: 1.7
url:	http://www.ibm.com/support/docview.wss?uid=swg21995446	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3043	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3043	Trust: 0.8
url:	http://www.ibm.com/	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21995446	Trust: 0.3

sources: VULHUB: VHN-91862 // BID: 95107 // JVNDB: JVNDB-2016-007350 // CNNVD: CNNVD-201612-743 // NVD: CVE-2016-3043

CREDITS

Dmitryi Beryoza, Warren Moynihan, Jonathan Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd,Paul Ionescu

Trust: 0.6

sources: CNNVD: CNNVD-201612-743

SOURCES

db:	VULHUB	id:	VHN-91862
db:	BID	id:	95107
db:	JVNDB	id:	JVNDB-2016-007350
db:	CNNVD	id:	CNNVD-201612-743
db:	NVD	id:	CVE-2016-3043

LAST UPDATE DATE

2024-11-23T22:07:39.159000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-91862	date:	2020-10-27T00:00:00
db:	BID	id:	95107	date:	2017-01-12T08:06:00
db:	JVNDB	id:	JVNDB-2016-007350	date:	2017-02-27T00:00:00
db:	CNNVD	id:	CNNVD-201612-743	date:	2020-10-28T00:00:00
db:	NVD	id:	CVE-2016-3043	date:	2024-11-21T02:49:15.027

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-91862	date:	2017-02-01T00:00:00
db:	BID	id:	95107	date:	2016-12-08T00:00:00
db:	JVNDB	id:	JVNDB-2016-007350	date:	2017-02-27T00:00:00
db:	CNNVD	id:	CNNVD-201612-743	date:	2016-12-28T00:00:00
db:	NVD	id:	CVE-2016-3043	date:	2017-02-01T20:59:00.770