CVE-2016-3022

Опубликовано: 01 фев. 2017

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions.

Ссылки

http://www.ibm.com/support/docview.wss?uid=swg21995360
Patch
Vendor Advisory
http://www.securityfocus.com/bid/96130
Third Party Advisory
VDB Entry
http://www.ibm.com/support/docview.wss?uid=swg21995360
Patch
Vendor Advisory
http://www.securityfocus.com/bid/96130
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0.1:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.1.0:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.0:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.2:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.3:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.4:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.1:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.2:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.3:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.4:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.5:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.6:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.7:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.8:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.9:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.10:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.11:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.12:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.13:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.14:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.15:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.16:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.0:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.2:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.3:*:*:*:*:*:*:*

cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.4:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:8.0:*:*:*:*:*:*:*

cpe:2.3:h:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:*

cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*

EPSS

Процентиль: 41%

0.0019

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-275

Связанные уязвимости

GHSA-v3r8-3w87-jw8h