What is CVE-2016-3025?

CVE-2016-3025 is a high-severity vulnerability in Ibm Security_access_manager, classified under CWE-254. CVSS score: 8.1/10. Published 2016-11-25.

How severe is CVE-2016-3025?

High severity. CVSS v3 base score is 8.1 out of 10.

Vulnerability in Ibm Security_access_manager

CVE-2016-3025

IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force…

EPSS: 0.005 (67.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Ibm Security_access_manager — versions 9.0.0, 9.0.0.1, 9.0.1.0
Ibm Security_access_manager_for_mobile — versions 8.0.0.0, 8.0.0.1, 8.0.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-254

References

IV89258 (vendor-advisory, Broken Link, x_refsource_AIXAPAR)
IV89240 (vendor-advisory, Broken Link, x_refsource_AIXAPAR)
93178 (vdb-entry, x_refsource_BID)
psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2016-3025?: CVE-2016-3025 is a high-severity vulnerability in Ibm Security_access_manager, classified under CWE-254. CVSS score: 8.1/10. Published 2016-11-25.
How severe is CVE-2016-3025?: High severity. CVSS v3 base score is 8.1 out of 10.