CVE-2016-3020

IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a page with malicious content.
References
Link Resource
http://www.ibm.com/support/docview.wss?uid=swg21996826 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:ibm:security_access_manager_for_mobile:*:*:*:*:*:*:*:*
cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:8.0:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:ibm:security_access_manager_9.0_firmware:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-02-07 16:59

Updated : 2024-02-28 15:44


NVD link : CVE-2016-3020

Mitre link : CVE-2016-3020

CVE.ORG link : CVE-2016-3020


JSON object : View

Products Affected

ibm

  • security_access_manager_for_web_appliance
  • security_access_manager_for_web_8.0_firmware
  • security_access_manager_9.0_firmware
  • security_access_manager_for_mobile
  • security_access_manager_for_mobile_appliance
  • security_access_manager_for_web_7.0_firmware
CWE
CWE-284

Improper Access Control