CVE-2016-3045

IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history.
References
Link Resource
http://www.ibm.com/support/docview.wss?uid=swg21995435 Patch Vendor Advisory
http://www.securityfocus.com/bid/95103 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:security_access_manager:9.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager:9.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager:9.0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.4:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-02-01 20:59

Updated : 2024-02-28 15:44


NVD link : CVE-2016-3045

Mitre link : CVE-2016-3045

CVE.ORG link : CVE-2016-3045


JSON object : View

Products Affected

ibm

  • security_access_manager_for_mobile
  • security_access_manager
  • security_access_manager_for_web
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor