IBM Security Access Manager appliances are vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view information in the back-end database.
CVE(s): CVE-2016-3046
Affected product(s) and affected version(s):
IBM Security Access Manager for Web 8.0 appliances, all firmware versions.
IBM Security Access Manager for Mobile 8.0 appliances, all firmware versions.
IBM Security Access Manager 9.0 appliances, all firmware versions.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2hxMB2W
X-Force Database: http://ift.tt/2hAyNSD
from IBM Product Security Incident Response Team http://ift.tt/2hxIrs2