CVE-2016-3045

IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history.
References
Link Resource
http://www.ibm.com/support/docview.wss?uid=swg21995435 Patch Vendor Advisory
http://www.securityfocus.com/bid/95103 Third Party Advisory VDB Entry
http://www.ibm.com/support/docview.wss?uid=swg21995435 Patch Vendor Advisory
http://www.securityfocus.com/bid/95103 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:security_access_manager:9.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager:9.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager:9.0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.4:*:*:*:*:*:*:*

History

21 Nov 2024, 02:49

Type Values Removed Values Added
References () http://www.ibm.com/support/docview.wss?uid=swg21995435 - Patch, Vendor Advisory () http://www.ibm.com/support/docview.wss?uid=swg21995435 - Patch, Vendor Advisory
References () http://www.securityfocus.com/bid/95103 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/95103 - Third Party Advisory, VDB Entry

Information

Published : 2017-02-01 20:59

Updated : 2024-11-21 02:49


NVD link : CVE-2016-3045

Mitre link : CVE-2016-3045

CVE.ORG link : CVE-2016-3045


JSON object : View

Products Affected

ibm

  • security_access_manager_for_web
  • security_access_manager_for_mobile
  • security_access_manager
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor