CVE-2016-3025
Summary
| CVE | CVE-2016-3025 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-11-25 03:59:00 UTC |
| Updated | 2016-11-28 20:05:00 UTC |
| Description | IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. |
Risk And Classification
Problem Types: CWE-254
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | IBM | Security Access Manager | 9.0.0 | All | All | All |
| Application | IBM | Security Access Manager | 9.0.0.1 | All | All | All |
| Application | IBM | Security Access Manager | 9.0.1.0 | All | All | All |
| Application | IBM | Security Access Manager For Mobile | 8.0.0.0 | All | All | All |
| Application | IBM | Security Access Manager For Mobile | 8.0.0.1 | All | All | All |
| Application | IBM | Security Access Manager For Mobile | 8.0.0.2 | All | All | All |
| Application | IBM | Security Access Manager For Mobile | 8.0.0.3 | All | All | All |
| Application | IBM | Security Access Manager For Mobile | 8.0.0.4 | All | All | All |
| Application | IBM | Security Access Manager For Mobile | 8.0.0.5 | All | All | All |
| Application | IBM | Security Access Manager For Mobile | 8.0.1 | All | All | All |
| Application | IBM | Security Access Manager For Mobile | 8.0.1.2 | All | All | All |
| Application | IBM | Security Access Manager For Mobile | 8.0.1.3 | All | All | All |
| Application | IBM | Security Access Manager For Mobile | 8.0.1.4 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM Security Bulletin: A vulnerability associated with the default account lockout settings in IBM Security Access Manager for Mobile has been identified (CVE-2016-3025) - United States | CONFIRM | www-01.ibm.com | Vendor Advisory |
| IBM Security Access Manager CVE-2016-3025 Security Bypass Vulnerability | BID | www.securityfocus.com | |
| IBM notice: The page you requested cannot be displayed | AIXAPAR | www-01.ibm.com | Broken Link |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.