CVE Vulnerabilities

CVE-2016-3025

Published: Nov 25, 2016 | Modified: Nov 28, 2016
CVSS 3.x: 8.1 HIGH (Source: NVD)
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.x: 5 MEDIUM
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach.

Affected Software

Name                                Vendor  Start Version         End Version
Security_access_manager             Ibm     9.0.0 (including)     9.0.0 (including)
Security_access_manager             Ibm     9.0.0.1 (including)   9.0.0.1 (including)
Security_access_manager             Ibm     9.0.1.0 (including)   9.0.1.0 (including)
Security_access_manager_for_mobile  Ibm     8.0.0.0 (including)   8.0.0.0 (including)
Security_access_manager_for_mobile  Ibm     8.0.0.1 (including)   8.0.0.1 (including)
Security_access_manager_for_mobile  Ibm     8.0.0.2 (including)   8.0.0.2 (including)
Security_access_manager_for_mobile  Ibm     8.0.0.3 (including)   8.0.0.3 (including)
Security_access_manager_for_mobile  Ibm     8.0.0.4 (including)   8.0.0.4 (including)
Security_access_manager_for_mobile  Ibm     8.0.0.5 (including)   8.0.0.5 (including)
Security_access_manager_for_mobile  Ibm     8.0.1 (including)     8.0.1 (including)
Security_access_manager_for_mobile  Ibm     8.0.1.2 (including)   8.0.1.2 (including)
Security_access_manager_for_mobile  Ibm     8.0.1.3 (including)   8.0.1.3 (including)
Security_access_manager_for_mobile  Ibm     8.0.1.4 (including)   8.0.1.4 (including)

References