ID CVE-2016-3025
Summary IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach.
Vulnerable Configurations
  • cpe:2.3:a:ibm:security_access_manager:9.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:security_access_manager:9.0.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:security_access_manager:9.0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.4:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 28-11-2016 - 20:05)
Impact:
Exploitability:
CWE CWE-254
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: NONE
  • Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
aixapar
  • IV89240
  • IV89258
bid 93178
confirm http://www-01.ibm.com/support/docview.wss?uid=swg21991107
Last major update 28-11-2016 - 20:05
Published 25-11-2016 - 03:59
Last modified 28-11-2016 - 20:05