CVE-2016-3025

8.1HIGH

Key Information:

Vendor: IBM
Status: Security Access Manager; Security Access Manager For Mobile
Vendor: CVE Published:; 25 November 2016

Summary

IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IV89258

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg1IV89240

vendor-advisoryx_refsource_AIXAPAR

http://www.securityfocus.com/bid/93178

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 25, 2016
Vulnerability Reserved
Mar 9, 2016