CVE-2016-3020

MEDIUM

IBM Security Access Manager 7.0.0-9.0.0 Security Restriction Bypass via Improper Content Validation

Title source: llm

Description

IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a page with malicious content.

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_confirm

http://www.ibm.com/support/docview.wss?uid=swg21996826

Scores

CVSS v3 5.5

EPSS 0.0019

EPSS Percentile 40.9%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE

CWE-284

Status published

Products (21)

ibm/security_access_manager_9.0_firmware

ibm/security_access_manager_for_mobile

ibm/security_access_manager_for_web_7.0_firmware

ibm/security_access_manager_for_web_8.0_firmware

IBM Corporation/Access Manager 7.0.0

IBM Corporation/Access Manager 8.0.0

IBM Corporation/Access Manager 8.0.0.1

IBM Corporation/Access Manager 8.0.0.2

IBM Corporation/Access Manager 8.0.0.3

IBM Corporation/Access Manager 8.0.0.4

... and 11 more

Published Feb 07, 2017

Tracked Since Feb 18, 2026