CVE-2016-3018
01.02.2017, 20:59
IBM Security Access Manager for Web is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
| Vendor | Product | Version |
|---|---|---|
| ibm | security_access_manager | 9.0.0 |
| ibm | security_access_manager | 9.0.0.1 |
| ibm | security_access_manager | 9.0.1.0 |
| ibm | security_access_manager_for_mobile | 8.0.0.0 |
| ibm | security_access_manager_for_mobile | 8.0.0.1 |
| ibm | security_access_manager_for_mobile | 8.0.0.2 |
| ibm | security_access_manager_for_mobile | 8.0.0.3 |
| ibm | security_access_manager_for_mobile | 8.0.0.5 |
| ibm | security_access_manager_for_mobile | 8.0.1.0 |
| ibm | security_access_manager_for_mobile | 8.0.1.2 |
| ibm | security_access_manager_for_mobile | 8.0.1.3 |
| ibm | security_access_manager_for_mobile | 8.0.1.4 |
| ibm | security_access_manager_for_web | 8.0.0.0 |
| ibm | security_access_manager_for_web | 8.0.0.1 |
| ibm | security_access_manager_for_web | 8.0.0.2 |
| ibm | security_access_manager_for_web | 8.0.0.3 |
| ibm | security_access_manager_for_web | 8.0.0.5 |
| ibm | security_access_manager_for_web | 8.0.1.0 |
| ibm | security_access_manager_for_web | 8.0.1.2 |
| ibm | security_access_manager_for_web | 8.0.1.3 |
| ibm | security_access_manager_for_web | 8.0.1.4 |
𝑥
= Vulnerable software versions