CVE-2016-3016

MEDIUM

IBM Security Access Manager for Web 7.0 Firmware - Authenticated Code Execution via Unverified Update Processing

Description

IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code.

References (1)

Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg21995518

Scores

CVSS v3 4.4
EPSS 0.0008
EPSS Percentile 24.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-345
Status published
Products (50)
ibm/security_access_manager_9.0_firmware 9.0.0
ibm/security_access_manager_9.0_firmware 9.0.0.1
ibm/security_access_manager_9.0_firmware 9.0.1.0
ibm/security_access_manager_for_mobile_8.0_firmware 8.0.0.1
ibm/security_access_manager_for_mobile_8.0_firmware 8.0.0.2
ibm/security_access_manager_for_mobile_8.0_firmware 8.0.0.3
ibm/security_access_manager_for_mobile_8.0_firmware 8.0.0.5
ibm/security_access_manager_for_mobile_8.0_firmware 8.0.1.0
ibm/security_access_manager_for_mobile_8.0_firmware 8.0.1.2
ibm/security_access_manager_for_mobile_8.0_firmware 8.0.1.3
... and 40 more
Published Feb 01, 2017
Tracked Since Feb 18, 2026