Vulnerability Description
IBM Security Access Manager for Web is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Security Access Manager 9.0 Firmware | 9.0.0 |
| Ibm | Security Access Manager For Mobile 8.0 Firmware | 8.0.0.1 |
| Ibm | Security Access Manager For Web 8.0 Firmware | 8.0.0.1 |
| Ibm | Security Access Manager For Mobile Appliance | 8.0 |
| Ibm | Security Access Manager For Web Appliance | 8.0 |
Related Weaknesses (CWE)
References
- http://www.ibm.com/support/docview.wss?uid=swg21995345PatchVendor Advisory
- http://www.securityfocus.com/bid/96133
- http://www.ibm.com/support/docview.wss?uid=swg21995345PatchVendor Advisory
- http://www.securityfocus.com/bid/96133
FAQ
What is CVE-2016-3029?
CVE-2016-3029 is a vulnerability with a CVSS score of 8.8 (HIGH). IBM Security Access Manager for Web is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website tru...
How severe is CVE-2016-3029?
CVE-2016-3029 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-3029?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Security Access Manager 9.0 Firmware, Ibm Security Access Manager For Mobile 8.0 Firmware, Ibm Security Access Manager For Web 8.0 Firmware, Ibm Security Access Manager For Mobile Appliance, Ibm Security Access Manager For Web Appliance.