CVE-2016-3020

MEDIUM

IBM Security Access Manager For Web 7... - Improper Access Control

Title source: rule

Description

IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a page with malicious content.

References (1)

[Patch, Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=swg21996826

Scores

CVSS v3 5.5

EPSS 0.0019

EPSS Percentile 41.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Classification

CWE

CWE-284

Status published

Affected Products (21)

ibm/security_access_manager_for_web_7.0_firmware

ibm/security_access_manager_for_web_8.0_firmware

ibm/security_access_manager_for_mobile

ibm/security_access_manager_9.0_firmware

IBM Corporation/Access Manager < 9.0

IBM Corporation/Access Manager < 9.0.0.1

IBM Corporation/Access Manager < 9.0.1

IBM Corporation/Access Manager < 7.0.0

IBM Corporation/Access Manager < 8.0.0

IBM Corporation/Access Manager < 8.0.0.1

IBM Corporation/Access Manager < 8.0.0.2

IBM Corporation/Access Manager < 8.0.0.3

IBM Corporation/Access Manager < 8.0.0.4

IBM Corporation/Access Manager < 8.0.0.5

IBM Corporation/Access Manager < 8.0.1

... and 6 more

Timeline

Published Feb 07, 2017

Tracked Since Feb 18, 2026