Details of VAR-201702-0379

ID

VAR-201702-0379

CVE

CVE-2016-3022

TITLE

IBM Security Access Manager Vulnerabilities that can gain access to important information

Trust: 0.8

sources: JVNDB: JVNDB-2016-007243

DESCRIPTION

IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions. The product enables access management control through integrated appliances for web, mobile and cloud computing

Trust: 1.98

sources: NVD: CVE-2016-3022 // JVNDB: JVNDB-2016-007243 // BID: 96130 // VULHUB: VHN-91841

AFFECTED PRODUCTS

vendor:	ibm	model:	security access manager for web 8.0	scope:	eq	version:	8.0.0.3	Trust: 1.6
vendor:	ibm	model:	security access manager for web 8.0	scope:	eq	version:	8.0.1.4	Trust: 1.6
vendor:	ibm	model:	security access manager for web 8.0	scope:	eq	version:	8.0.0.2	Trust: 1.6
vendor:	ibm	model:	security access manager for web 8.0	scope:	eq	version:	8.0.1.3	Trust: 1.6
vendor:	ibm	model:	security access manager for web 8.0	scope:	eq	version:	8.0.1.2	Trust: 1.6
vendor:	ibm	model:	security access manager for web 8.0	scope:	eq	version:	8.0.0.5	Trust: 1.6
vendor:	ibm	model:	security access manager for web 7.0	scope:	eq	version:	7.0.0.14	Trust: 1.6
vendor:	ibm	model:	security access manager for web 7.0	scope:	eq	version:	7.0.0.13	Trust: 1.6
vendor:	ibm	model:	security access manager for web 8.0	scope:	eq	version:	8.0.1.0	Trust: 1.6
vendor:	ibm	model:	security access manager for web 8.0	scope:	eq	version:	8.0.0.1	Trust: 1.6
vendor:	ibm	model:	security access manager for mobile 8.0	scope:	eq	version:	8.0.1.2	Trust: 1.0
vendor:	ibm	model:	security access manager 9.0	scope:	eq	version:	9.0.1.0	Trust: 1.0
vendor:	ibm	model:	security access manager for web 7.0	scope:	eq	version:	7.0.0.12	Trust: 1.0
vendor:	ibm	model:	security access manager for web 7.0	scope:	eq	version:	7.0.0.6	Trust: 1.0
vendor:	ibm	model:	security access manager for web 7.0	scope:	eq	version:	7.0.0.16	Trust: 1.0
vendor:	ibm	model:	security access manager for web 7.0	scope:	eq	version:	7.0.0.3	Trust: 1.0
vendor:	ibm	model:	security access manager for mobile 8.0	scope:	eq	version:	8.0.0.1	Trust: 1.0
vendor:	ibm	model:	security access manager 9.0	scope:	eq	version:	9.0.0.1	Trust: 1.0
vendor:	ibm	model:	security access manager for web 7.0	scope:	eq	version:	7.0.0.15	Trust: 1.0
vendor:	ibm	model:	security access manager 9.0	scope:	eq	version:	9.0.0	Trust: 1.0
vendor:	ibm	model:	security access manager for mobile 8.0	scope:	eq	version:	8.0.1.4	Trust: 1.0
vendor:	ibm	model:	security access manager for mobile 8.0	scope:	eq	version:	8.0.1.0	Trust: 1.0
vendor:	ibm	model:	security access manager for web 7.0	scope:	eq	version:	7.0.0.7	Trust: 1.0
vendor:	ibm	model:	security access manager for mobile 8.0	scope:	eq	version:	8.0.0.3	Trust: 1.0
vendor:	ibm	model:	security access manager for web 7.0	scope:	eq	version:	7.0.0.1	Trust: 1.0
vendor:	ibm	model:	security access manager for web 7.0	scope:	eq	version:	7.0.0.8	Trust: 1.0
vendor:	ibm	model:	security access manager for mobile 8.0	scope:	eq	version:	8.0.0.5	Trust: 1.0
vendor:	ibm	model:	security access manager for web 7.0	scope:	eq	version:	7.0.0.11	Trust: 1.0
vendor:	ibm	model:	security access manager for web 7.0	scope:	eq	version:	7.0.0.4	Trust: 1.0
vendor:	ibm	model:	security access manager for mobile 8.0	scope:	eq	version:	8.0.0.2	Trust: 1.0
vendor:	ibm	model:	security access manager for web 7.0	scope:	eq	version:	7.0.0.2	Trust: 1.0
vendor:	ibm	model:	security access manager for web 7.0	scope:	eq	version:	7.0.0.5	Trust: 1.0
vendor:	ibm	model:	security access manager for web 7.0	scope:	eq	version:	7.0.0.10	Trust: 1.0
vendor:	ibm	model:	security access manager for mobile 8.0	scope:	eq	version:	8.0.1.3	Trust: 1.0
vendor:	ibm	model:	security access manager for web 7.0	scope:	eq	version:	7.0.0.9	Trust: 1.0
vendor:	ibm	model:	security access manager for mobile the appliance	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	security access manager for mobile software	scope:	eq	version:	8.0	Trust: 0.8
vendor:	ibm	model:	security access manager for web the appliance	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	security access manager for web software	scope:	eq	version:	7.0	Trust: 0.8
vendor:	ibm	model:	security access manager for web software	scope:	eq	version:	8.0	Trust: 0.8
vendor:	ibm	model:	security access manager the appliance	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	security access manager software	scope:	eq	version:	9.0	Trust: 0.8
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	8.0.1	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	8.03	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	8.02	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	8.0.1.4	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	8.0.1.3	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	8.0.1.2	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	8.0.1.1	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	8.0.0.5	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	8.0.0.4	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	8.0.0.0	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	8.0	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.9	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.8	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.7	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.6	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.5	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.4	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.3	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.2	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.16	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.15	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.14	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.13	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.12	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.11	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.10	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.1	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0	Trust: 0.3
vendor:	ibm	model:	security access manager for mobile	scope:	eq	version:	8.0.1	Trust: 0.3
vendor:	ibm	model:	security access manager for mobile	scope:	eq	version:	8.0.1.4	Trust: 0.3
vendor:	ibm	model:	security access manager for mobile	scope:	eq	version:	8.0.1.3	Trust: 0.3
vendor:	ibm	model:	security access manager for mobile	scope:	eq	version:	8.0.1.2	Trust: 0.3
vendor:	ibm	model:	security access manager for mobile	scope:	eq	version:	8.0.1.1	Trust: 0.3
vendor:	ibm	model:	security access manager for mobile	scope:	eq	version:	8.0.0.5	Trust: 0.3
vendor:	ibm	model:	security access manager for mobile	scope:	eq	version:	8.0.0.4	Trust: 0.3
vendor:	ibm	model:	security access manager for mobile	scope:	eq	version:	8.0.0.3	Trust: 0.3
vendor:	ibm	model:	security access manager for mobile	scope:	eq	version:	8.0.0.2	Trust: 0.3
vendor:	ibm	model:	security access manager for mobile	scope:	eq	version:	8.0.0.1	Trust: 0.3
vendor:	ibm	model:	security access manager for mobile	scope:	eq	version:	8.0.0.0	Trust: 0.3
vendor:	ibm	model:	security access manager	scope:	eq	version:	9.0.1.0	Trust: 0.3
vendor:	ibm	model:	security access manager	scope:	eq	version:	9.0.0.1	Trust: 0.3
vendor:	ibm	model:	security access manager	scope:	eq	version:	9.0	Trust: 0.3

sources: BID: 96130 // JVNDB: JVNDB-2016-007243 // CNNVD: CNNVD-201702-061 // NVD: CVE-2016-3022

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-3022
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-3022
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201702-061
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-91841
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-3022
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-91841
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-3022
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2016-3022
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-91841 // JVNDB: JVNDB-2016-007243 // CNNVD: CNNVD-201702-061 // NVD: CVE-2016-3022

PROBLEMTYPE DATA

problemtype:

CWE-275

Trust: 1.9

sources: VULHUB: VHN-91841 // JVNDB: JVNDB-2016-007243 // NVD: CVE-2016-3022

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-061

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201702-061

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007243

PATCH

title:	1995360	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21995360	Trust: 0.8
title:	IBM Security Access Manager Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67447	Trust: 0.6

sources: JVNDB: JVNDB-2016-007243 // CNNVD: CNNVD-201702-061

EXTERNAL IDS

db:	NVD	id:	CVE-2016-3022	Trust: 2.8
db:	BID	id:	96130	Trust: 2.0
db:	JVNDB	id:	JVNDB-2016-007243	Trust: 0.8
db:	CNNVD	id:	CNNVD-201702-061	Trust: 0.7
db:	VULHUB	id:	VHN-91841	Trust: 0.1

sources: VULHUB: VHN-91841 // BID: 96130 // JVNDB: JVNDB-2016-007243 // CNNVD: CNNVD-201702-061 // NVD: CVE-2016-3022

REFERENCES

url:	http://www.securityfocus.com/bid/96130	Trust: 2.3
url:	http://www.ibm.com/support/docview.wss?uid=swg21995360	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3022	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3022	Trust: 0.8
url:	http://www.ibm.com/	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21995360	Trust: 0.3

sources: VULHUB: VHN-91841 // BID: 96130 // JVNDB: JVNDB-2016-007243 // CNNVD: CNNVD-201702-061 // NVD: CVE-2016-3022

CREDITS

IBM X-Force Ethical Hacking Team: Paul Ionescu, Warren Moynihan, Jonathan Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitryi Beryoza.

Trust: 0.3

sources: BID: 96130

SOURCES

db:	VULHUB	id:	VHN-91841
db:	BID	id:	96130
db:	JVNDB	id:	JVNDB-2016-007243
db:	CNNVD	id:	CNNVD-201702-061
db:	NVD	id:	CVE-2016-3022

LAST UPDATE DATE

2024-11-23T22:26:52.738000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-91841	date:	2020-10-27T00:00:00
db:	BID	id:	96130	date:	2017-03-07T04:01:00
db:	JVNDB	id:	JVNDB-2016-007243	date:	2017-02-16T00:00:00
db:	CNNVD	id:	CNNVD-201702-061	date:	2020-11-12T00:00:00
db:	NVD	id:	CVE-2016-3022	date:	2024-11-21T02:49:12.807

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-91841	date:	2017-02-01T00:00:00
db:	BID	id:	96130	date:	2016-12-14T00:00:00
db:	JVNDB	id:	JVNDB-2016-007243	date:	2017-02-16T00:00:00
db:	CNNVD	id:	CNNVD-201702-061	date:	2017-02-07T00:00:00
db:	NVD	id:	CVE-2016-3022	date:	2017-02-01T20:59:00.550