ID
VAR-201702-0373
CVE
CVE-2016-3046
TITLE
IBM Security Access Manager In SQL Injection vulnerability
Trust: 0.8
sources:
JVNDB: JVNDB-2016-007351
DESCRIPTION
IBM Security Access Manager for Web is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements which could allow the attacker to view information in the back-end database. A successful exploit may allow an attacker to access data, or exploit latent vulnerabilities in the underlying database. There are SQL injection vulnerabilities in many ISAM products
Trust: 1.98
sources:
NVD: CVE-2016-3046 //
JVNDB: JVNDB-2016-007351 //
BID: 95104 //
VULHUB: VHN-91865
AFFECTED PRODUCTS
| vendor: | ibm | model: | security access manager 9.0 | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | ibm | model: | security access manager for web 8.0 | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | ibm | model: | security access manager for mobile the appliance | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | security access manager for mobile software | scope: | eq | version: | 8.0 | Trust: 0.8 |
| vendor: | ibm | model: | security access manager for web the appliance | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | security access manager for web software | scope: | eq | version: | 8.0 | Trust: 0.8 |
| vendor: | ibm | model: | security access manager the appliance | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ibm | model: | security access manager software | scope: | eq | version: | 9.0 | Trust: 0.8 |
| vendor: | ibm | model: | security access manager for mobile | scope: | - | version: | - | Trust: 0.6 |
| vendor: | ibm | model: | security access manager 9.0 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | ibm | model: | security access manager for web 8.0 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.0.1 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.03 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.02 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.0.1.4 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.0.1.3 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.0.1.2 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.0.1.1 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.0.1.0 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.0.0.5 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.0.0.4 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.0.0.0 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | eq | version: | 8.0 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0.1 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0.1.4 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0.1.3 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0.1.2 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0.1.1 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0.0.5 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0.0.4 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0.0.3 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0.0.2 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0.0.1 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0.0.0 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | eq | version: | 8.0 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager | scope: | eq | version: | 9.0.1.0 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager | scope: | eq | version: | 9.0.0.1 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager | scope: | eq | version: | 9.0 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for web | scope: | ne | version: | 8.0.1.5 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager for mobile | scope: | ne | version: | 8.0.1.5 | Trust: 0.3 |
| vendor: | ibm | model: | security access manager | scope: | ne | version: | 9.0.2.0 | Trust: 0.3 |
sources:
BID: 95104 //
JVNDB: JVNDB-2016-007351 //
CNNVD: CNNVD-201612-669 //
NVD: CVE-2016-3046
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
VULHUB: VHN-91865 //
JVNDB: JVNDB-2016-007351 //
CNNVD: CNNVD-201612-669 //
NVD: CVE-2016-3046
PROBLEMTYPE DATA
| problemtype: | CWE-89 | Trust: 1.9 |
sources:
VULHUB: VHN-91865 //
JVNDB: JVNDB-2016-007351 //
NVD: CVE-2016-3046
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201612-669
TYPE
SQL injection
Trust: 0.6
sources:
CNNVD: CNNVD-201612-669
CONFIGURATIONS
sources:
JVNDB: JVNDB-2016-007351
PATCH
| title: | 1995527 | url: | http://www-01.ibm.com/support/docview.wss?uid=swg21995527 | Trust: 0.8 |
| title: | Multiple IBM Security Access Manager product SQL Repair measures for injecting vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66688 | Trust: 0.6 |
sources:
JVNDB: JVNDB-2016-007351 //
CNNVD: CNNVD-201612-669
EXTERNAL IDS
| db: | NVD | id: | CVE-2016-3046 | Trust: 2.8 |
| db: | BID | id: | 95104 | Trust: 2.0 |
| db: | JVNDB | id: | JVNDB-2016-007351 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201612-669 | Trust: 0.7 |
| db: | VULHUB | id: | VHN-91865 | Trust: 0.1 |
sources:
VULHUB: VHN-91865 //
BID: 95104 //
JVNDB: JVNDB-2016-007351 //
CNNVD: CNNVD-201612-669 //
NVD: CVE-2016-3046
REFERENCES
| url: | http://www.securityfocus.com/bid/95104 | Trust: 1.7 |
| url: | http://www.ibm.com/support/docview.wss?uid=swg21995527 | Trust: 1.7 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3046 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3046 | Trust: 0.8 |
| url: | http://www.ibm.com/ | Trust: 0.3 |
| url: | http://www-01.ibm.com/support/docview.wss?uid=swg21995527 | Trust: 0.3 |
sources:
VULHUB: VHN-91865 //
BID: 95104 //
JVNDB: JVNDB-2016-007351 //
CNNVD: CNNVD-201612-669 //
NVD: CVE-2016-3046
CREDITS
Dmitryi Beryoza, Warren Moynihan, Jonathan Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd,Paul Ionescu
Trust: 0.6
sources:
CNNVD: CNNVD-201612-669
SOURCES
| db: | VULHUB | id: | VHN-91865 |
| db: | BID | id: | 95104 |
| db: | JVNDB | id: | JVNDB-2016-007351 |
| db: | CNNVD | id: | CNNVD-201612-669 |
| db: | NVD | id: | CVE-2016-3046 |
LAST UPDATE DATE
2024-11-23T22:45:46.885000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-91865 | date: | 2020-10-27T00:00:00 |
| db: | BID | id: | 95104 | date: | 2017-01-12T00:06:00 |
| db: | JVNDB | id: | JVNDB-2016-007351 | date: | 2017-02-27T00:00:00 |
| db: | CNNVD | id: | CNNVD-201612-669 | date: | 2020-10-28T00:00:00 |
| db: | NVD | id: | CVE-2016-3046 | date: | 2024-11-21T02:49:15.380 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-91865 | date: | 2017-02-01T00:00:00 |
| db: | BID | id: | 95104 | date: | 2016-12-08T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-007351 | date: | 2017-02-27T00:00:00 |
| db: | CNNVD | id: | CNNVD-201612-669 | date: | 2016-12-27T00:00:00 |
| db: | NVD | id: | CVE-2016-3046 | date: | 2017-02-01T20:59:00.847 |