GCVE - cpe:2.3:o:ibm:security_access_manager_for_web_8.0

Approved changes feed: RSS · Atom

cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.2:*:*:*:*:*:*:*

part: o version: 8.0.1.2 update: *

Vendor	Ibm (`177c0602-9232-5933-8f2f-9d22f079d22d`)
Product	Security Access Manager For Web 8.0 Firmware (`5dd1ded7-c580-5fbb-8ef1-1a19ecdc2e54`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2016-3029`	vulnerable	2026-06-03 14:35:44.812271	Details available IBM Security Access Manager for Web is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Published: 2017-02-01T20:00:00.000Z Updated: 2024-08-05T23:40:15.145Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/96133 http://www.ibm.com/support/docview.wss?uid=swg21995345	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-3027`	vulnerable	2026-06-03 14:35:44.805775	Details available IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. Published: 2017-02-01T20:00:00.000Z Updated: 2024-08-05T23:40:15.158Z Open on db.gcve.eu Reference links http://www.ibm.com/support/docview.wss?uid=swg21994440 http://www.securityfocus.com/bid/96127	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-3024`	vulnerable	2026-06-03 14:35:44.790567	Details available IBM Security Access Manager for Web allows web pages to be stored locally which can be read by another user on the system. Published: 2017-02-01T20:00:00.000Z Updated: 2024-08-05T23:40:15.154Z Open on db.gcve.eu Reference links http://www.ibm.com/support/docview.wss?uid=swg21995340 http://www.securityfocus.com/bid/96132	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-3023`	vulnerable	2026-06-03 14:35:44.789789	Details available IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names. Published: 2017-02-01T20:00:00.000Z Updated: 2024-08-05T23:40:15.221Z Open on db.gcve.eu Reference links http://www.ibm.com/support/docview.wss?uid=swg21995348 http://www.securityfocus.com/bid/96124	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-3022`	vulnerable	2026-06-03 14:35:44.788695	Details available IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions. Published: 2017-02-01T20:00:00.000Z Updated: 2024-08-05T23:40:15.218Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/96130 http://www.ibm.com/support/docview.wss?uid=swg21995360	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-3021`	vulnerable	2026-06-03 14:35:44.787507	Details available IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request. Published: 2017-02-01T20:00:00.000Z Updated: 2024-08-05T23:40:15.189Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/96114 http://www.ibm.com/support/docview.wss?uid=swg21995436	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-3017`	vulnerable	2026-06-03 14:35:44.765975	Details available IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security misconfigurations. Published: 2017-02-01T20:00:00.000Z Updated: 2024-08-05T23:40:14.440Z Open on db.gcve.eu Reference links http://www.ibm.com/support/docview.wss?uid=swg21995519	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-3016`	vulnerable	2026-06-03 14:35:44.763221	Details available IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code. Published: 2017-02-01T20:00:00.000Z Updated: 2024-08-05T23:40:14.421Z Open on db.gcve.eu Reference links http://www.ibm.com/support/docview.wss?uid=swg21995518	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-2908`	vulnerable	2026-06-03 14:35:44.445493	Details available IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service. Published: 2017-02-01T20:00:00.000Z Updated: 2024-08-05T23:40:13.568Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/95295 http://www.ibm.com/support/docview.wss?uid=swg21995531 http://www.securitytracker.com/id/1038506	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-8531`	vulnerable	2026-06-03 14:35:12.266196	Details available Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Web 8.0 before 8.0.1.3 IF4 and 9.0 before 9.0.0.1 IF1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Published: 2016-02-15T02:00:00.000Z Updated: 2024-08-06T08:20:42.431Z Open on db.gcve.eu Reference links http://www-01.ibm.com/support/docview.wss?uid=swg1IV80692 http://www-01.ibm.com/support/docview.wss?uid=swg21974651	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-5018`	vulnerable	2026-06-03 14:34:58.282018	Details available IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS commands by leveraging Local Management Interface (LMI) access. Published: 2016-01-02T02:00:00.000Z Updated: 2024-08-06T06:32:32.301Z Open on db.gcve.eu Reference links http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768 http://www-01.ibm.com/support/docview.wss?uid=swg21970510 http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780 http://www.securitytracker.com/id/1034560	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-5012`	vulnerable	2026-06-03 14:34:58.251691	Details available The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 does not properly restrict the set of MAC algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. Published: 2016-02-15T02:00:00.000Z Updated: 2024-08-06T06:32:31.881Z Open on db.gcve.eu Reference links http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768 http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780 http://www-01.ibm.com/support/docview.wss?uid=swg21971422	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-5010`	vulnerable	2026-06-03 14:34:58.243972	Details available IBM Security Access Manager for Web 7.0 before 7.0.0 IF21, 8.0 before 8.0.1.3 IF4, and 9.0 before 9.0.0.1 IF1 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. Published: 2016-02-15T02:00:00.000Z Updated: 2024-08-06T06:32:31.524Z Open on db.gcve.eu Reference links http://www-01.ibm.com/support/docview.wss?uid=swg21970508 http://www-01.ibm.com/support/docview.wss?uid=swg1IV80728 http://www-01.ibm.com/support/docview.wss?uid=swg1IV80694	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

IBM Security Access Manager For Web 8.0 Firmware 8.0.1.2

PURL mappings

Vulnerability references

Contribute