Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2016-3020

Опубликовано: 07 фев. 2017
Источник: nvd
CVSS3: 5.5
CVSS2: 4.3
EPSS Низкий

Описание

IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a page with malicious content.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:a:ibm:security_access_manager_for_mobile:*:*:*:*:*:*:*:*
cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:8.0:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

cpe:2.3:o:ibm:security_access_manager_9.0_firmware:*:*:*:*:*:*:*:*

EPSS

Процентиль: 32%
0.00123
Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-284

Связанные уязвимости

github логотип

GHSA-8px6-jg7c-h734

CVSS3: 5.5
github
больше 3 лет назад

IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a page with malicious content.

EPSS

Процентиль: 32%
0.00123
Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-284