1. Home
  2. CVE Database
  3. CVE-2016-3016
MEDIUM · 4.4

CVE-2016-3016

IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker ...

Vulnerability Description

IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code.

CVSS Score

4.4

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
IbmSecurity Access Manager 9.0 Firmware9.0.0
IbmSecurity Access Manager For Mobile 8.0 Firmware8.0.0.1
IbmSecurity Access Manager For Web 7.0 Firmware7.0.0.1
IbmSecurity Access Manager For Web 8.0 Firmware8.0.0.1
IbmSecurity Access Manager For Mobile Appliance8.0
IbmSecurity Access Manager For Web Appliance7.0

Related Weaknesses (CWE)

CWE-345

References

FAQ

What is CVE-2016-3016?

CVE-2016-3016 is a vulnerability with a CVSS score of 4.4 (MEDIUM). IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker ...

How severe is CVE-2016-3016?

CVE-2016-3016 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-3016?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Security Access Manager 9.0 Firmware, Ibm Security Access Manager For Mobile 8.0 Firmware, Ibm Security Access Manager For Web 7.0 Firmware, Ibm Security Access Manager For Web 8.0 Firmware, Ibm Security Access Manager For Mobile Appliance.