Skip to main content

Security Access Manager For Web 8 0 Firmware CVE-2016-3046

LOW
SQL Injection (CWE-89)
2017-02-01 psirt@us.ibm.com
2.7
CVSS 3.0 · NVD

Severity by source

NVD PRIMARY
2.7 LOW
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 01, 2017 - 20:59 cve.org
LOW 2.7

DescriptionCVE.org

IBM Security Access Manager for Web is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements which could allow the attacker to view information in the back-end database.

AnalysisAI

IBM Security Access Manager for Web is vulnerable to SQL injection. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. IBM Security Access Manager for Web is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements which could allow the attacker to view information in the back-end database. Affected products include: Ibm Security Access Manager For Web 8.0 Firmware, Ibm Security Access Manager For Mobile, Ibm Security Access Manager 9.0 Firmware.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2014-4823 CRITICAL
10.0 Oct 03

The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-I

CVE-2016-2908 CRITICAL
9.1 Feb 01

IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external e

CVE-2016-3029 HIGH
8.8 Feb 01

IBM Security Access Manager for Web is vulnerable to cross-site request forgery which could allow an attacker to execute

CVE-2015-5018 HIGH
8.0 Jan 02

IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before

CVE-2014-3053 HIGH
8.0 Jun 21

The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through

CVE-2015-5012 HIGH
7.5 Feb 15

The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3,

CVE-2015-5010 HIGH
7.5 Feb 15

IBM Security Access Manager for Web 7.0 before 7.0.0 IF21, 8.0 before 8.0.1.3 IF4, and 9.0 before 9.0.0.1 IF1 does not h

CVE-2016-3017 HIGH
7.5 Feb 01

IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security miscon

CVE-2016-5919 HIGH
7.5 Feb 16

IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that coul

CVE-2014-4809 HIGH
7.1 Oct 03

The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WG

CVE-2016-3027 MEDIUM
6.5 Feb 01

IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XX

CVE-2016-3022 MEDIUM
6.5 Feb 01

IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due

Share

CVE-2016-3046 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy