Vulnerability Description
IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Security Access Manager 9.0 Firmware | 9.0.0 |
| Ibm | Security Access Manager For Mobile 8.0 Firmware | 8.0.0.1 |
| Ibm | Security Access Manager For Web 7.0 Firmware | 7.0.0.1 |
| Ibm | Security Access Manager For Web 8.0 Firmware | 8.0.0.1 |
| Ibm | Security Access Manager For Mobile Appliance | 8.0 |
| Ibm | Security Access Manager For Web Appliance | 7.0 |
Related Weaknesses (CWE)
References
- http://www.ibm.com/support/docview.wss?uid=swg21995436Vendor Advisory
- http://www.securityfocus.com/bid/96114
- http://www.ibm.com/support/docview.wss?uid=swg21995436Vendor Advisory
- http://www.securityfocus.com/bid/96114
FAQ
What is CVE-2016-3021?
CVE-2016-3021 is a vulnerability with a CVSS score of 2.7 (LOW). IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request.
How severe is CVE-2016-3021?
CVE-2016-3021 has been rated LOW with a CVSS base score of 2.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-3021?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Security Access Manager 9.0 Firmware, Ibm Security Access Manager For Mobile 8.0 Firmware, Ibm Security Access Manager For Web 7.0 Firmware, Ibm Security Access Manager For Web 8.0 Firmware, Ibm Security Access Manager For Mobile Appliance.