CVE-2016-3029

EUVD-2016-4102
IBM Security Access Manager for Web is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
Affected Products (NVD)
VendorProductVersion
ibmsecurity_access_manager_9.0_firmware
9.0.0
ibmsecurity_access_manager_9.0_firmware
9.0.0.1
ibmsecurity_access_manager_9.0_firmware
9.0.1.0
ibmsecurity_access_manager_for_mobile_8.0_firmware
8.0.0.1
ibmsecurity_access_manager_for_mobile_8.0_firmware
8.0.0.2
ibmsecurity_access_manager_for_mobile_8.0_firmware
8.0.0.3
ibmsecurity_access_manager_for_mobile_8.0_firmware
8.0.0.5
ibmsecurity_access_manager_for_mobile_8.0_firmware
8.0.1.0
ibmsecurity_access_manager_for_mobile_8.0_firmware
8.0.1.2
ibmsecurity_access_manager_for_mobile_8.0_firmware
8.0.1.3
ibmsecurity_access_manager_for_mobile_8.0_firmware
8.0.1.4
ibmsecurity_access_manager_for_web_8.0_firmware
8.0.0.1
ibmsecurity_access_manager_for_web_8.0_firmware
8.0.0.2
ibmsecurity_access_manager_for_web_8.0_firmware
8.0.0.3
ibmsecurity_access_manager_for_web_8.0_firmware
8.0.0.5
ibmsecurity_access_manager_for_web_8.0_firmware
8.0.1.0
ibmsecurity_access_manager_for_web_8.0_firmware
8.0.1.2
ibmsecurity_access_manager_for_web_8.0_firmware
8.0.1.3
ibmsecurity_access_manager_for_web_8.0_firmware
8.0.1.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.ibm.com/support/docview.wss?uid=swg21995345
http://www.securityfocus.com/bid/96133
http://www.ibm.com/support/docview.wss?uid=swg21995345
http://www.securityfocus.com/bid/96133