IBM Security Bulletin: A vulnerability associated with the default account lockout settings in IBM Security Access Manager for Mobile has been identified (CVE-2016-3025)

The default account lockout setting in IBM Security Access Manager for Mobile could allow a remote attacker to use brute force to discover account credentials.

CVE(s): CVE-2016-3025

Affected product(s) and affected version(s):

IBM Security Access Manager for Mobile 8.0, all firmware versions

IBM Security Access Manager 9.0, all firmware versions

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2fdsOkw
X-Force Database: http://ift.tt/2dm9JkD

from IBM Product Security Incident Response Team http://ift.tt/2fdtA13