Vulnerability Description
IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Security Access Manager | 9.0.0 |
| Ibm | Security Access Manager For Mobile | 8.0.0.0 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV89240Broken Link
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV89258Broken Link
- http://www-01.ibm.com/support/docview.wss?uid=swg21991107Vendor Advisory
- http://www.securityfocus.com/bid/93178
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV89240Broken Link
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV89258Broken Link
- http://www-01.ibm.com/support/docview.wss?uid=swg21991107Vendor Advisory
- http://www.securityfocus.com/bid/93178
FAQ
What is CVE-2016-3025?
CVE-2016-3025 is a vulnerability with a CVSS score of 8.1 (HIGH). IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attack...
How severe is CVE-2016-3025?
CVE-2016-3025 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-3025?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Security Access Manager, Ibm Security Access Manager For Mobile.