What is CVE-2016-3016?

CVE-2016-3016 is a medium-severity vulnerability in Ibm Security_access_manager_9.0_firmware, classified under Insufficient Verification of Data Authenticity. CVSS score: 4.4/10. Published 2017-02-01.

How severe is CVE-2016-3016?

Medium severity. CVSS v3 base score is 4.4 out of 10.

Vulnerability in Ibm Security_access_manager_9.0_firmware

CVE-2016-3016

IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code.

EPSS: 0.001 (24.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.4 (Medium). Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N.

Affected products

Ibm Security_access_manager_9.0_firmware — versions 9.0.0, 9.0.0.1, 9.0.1.0
Ibm Security_access_manager_for_mobile_8.0_firmware — versions 8.0.0.1, 8.0.0.2, 8.0.0.3
Ibm Security_access_manager_for_mobile_appliance — versions 8.0
Ibm Security_access_manager_for_web_7.0_firmware — versions 7.0.0.1, 7.0.0.2, 7.0.0.3
Ibm Security_access_manager_for_web_8.0_firmware — versions 8.0.0.1, 8.0.0.2, 8.0.0.3
Ibm Security_access_manager_for_web_appliance — versions 7.0, 8.0
Ibm Corporation Access Manager — versions 9.0.1, 8.0.1.2, 8.0.0.4

Weakness classification (CWE)

CWE-345 — Insufficient Verification of Data Authenticity

References

psirt@us.ibm.com (x_refsource_CONFIRM, Patch, Vendor Advisory)

Frequently asked questions

What is CVE-2016-3016?: CVE-2016-3016 is a medium-severity vulnerability in Ibm Security_access_manager_9.0_firmware, classified under Insufficient Verification of Data Authenticity. CVSS score: 4.4/10. Published 2017-02-01.
How severe is CVE-2016-3016?: Medium severity. CVSS v3 base score is 4.4 out of 10.