CVE-2016-3021

Опубликовано: 01 фев. 2017

Источник: nvd

CVSS3: 2.7

CVSS2: 4

EPSS Низкий

Описание

IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request.

Ссылки

http://www.ibm.com/support/docview.wss?uid=swg21995436
Vendor Advisory
http://www.securityfocus.com/bid/96114
http://www.ibm.com/support/docview.wss?uid=swg21995436
Vendor Advisory
http://www.securityfocus.com/bid/96114

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0.1:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.1.0:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.0:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.2:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.3:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.4:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.1:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.2:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.3:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.4:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.5:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.6:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.7:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.8:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.9:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.10:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.11:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.12:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.13:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.14:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.15:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.16:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.0:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.2:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.3:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.4:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:8.0:*:*:*:*:*:*:*

cpe:2.3:h:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:*

cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*

EPSS

Процентиль: 22%

0.00073

Низкий

2.7 Low

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-g5m9-57rf-mghr