What is the severity of CVE-2016-3021?

CVE-2016-3021 has a medium severity rating as it allows authenticated attackers to access sensitive information through crafted HTTP requests.

How do I fix CVE-2016-3021?

To fix CVE-2016-3021, apply the latest patches provided by IBM for affected versions of IBM Security Access Manager.

Which versions are affected by CVE-2016-3021?

CVE-2016-3021 affects IBM Security Access Manager for Web versions 7.0.0.1 to 7.0.0.16 and 8.0.0.1 to 8.0.1.4, as well as IBM Security Access Manager for Mobile versions 8.0.0.1 to 8.0.1.4.

What type of attacks exploit CVE-2016-3021?

CVE-2016-3021 can be exploited by authenticated users to extract sensitive information from system error messages.

Is CVE-2016-3021 a remote or local vulnerability?

CVE-2016-3021 is considered a local vulnerability since it requires authentication to exploit.

Vulnerability/
CVE-2016-3021

medium

CWE

200

1/2/2017

5/8/2024

CVE-2016-3021: Infoleak

First published: Wed Feb 01 2017(Updated: )

IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Security Access Manager 9.0	=9.0.0
IBM Security Access Manager 9.0	=9.0.0.1
IBM Security Access Manager 9.0	=9.0.1.0
IBM Security Access Manager for Mobile	=8.0.0.1
IBM Security Access Manager for Mobile	=8.0.0.2
IBM Security Access Manager for Mobile	=8.0.0.3
IBM Security Access Manager for Mobile	=8.0.0.5
IBM Security Access Manager for Mobile	=8.0.1.0
IBM Security Access Manager for Mobile	=8.0.1.2
IBM Security Access Manager for Mobile	=8.0.1.3
IBM Security Access Manager for Mobile	=8.0.1.4
IBM Security Access Manager for Web 7.0 Firmware	=7.0.0.1
IBM Security Access Manager for Web 7.0 Firmware	=7.0.0.2
IBM Security Access Manager for Web 7.0 Firmware	=7.0.0.3
IBM Security Access Manager for Web 7.0 Firmware	=7.0.0.4
IBM Security Access Manager for Web 7.0 Firmware	=7.0.0.5
IBM Security Access Manager for Web 7.0 Firmware	=7.0.0.6
IBM Security Access Manager for Web 7.0 Firmware	=7.0.0.7
IBM Security Access Manager for Web 7.0 Firmware	=7.0.0.8
IBM Security Access Manager for Web 7.0 Firmware	=7.0.0.9
IBM Security Access Manager for Web 7.0 Firmware	=7.0.0.10
IBM Security Access Manager for Web 7.0 Firmware	=7.0.0.11
IBM Security Access Manager for Web 7.0 Firmware	=7.0.0.12
IBM Security Access Manager for Web 7.0 Firmware	=7.0.0.13
IBM Security Access Manager for Web 7.0 Firmware	=7.0.0.14
IBM Security Access Manager for Web 7.0 Firmware	=7.0.0.15
IBM Security Access Manager for Web 7.0 Firmware	=7.0.0.16
IBM Security Access Manager for Web 8.0 firmware	=8.0.0.1
IBM Security Access Manager for Web 8.0 firmware	=8.0.0.2
IBM Security Access Manager for Web 8.0 firmware	=8.0.0.3
IBM Security Access Manager for Web 8.0 firmware	=8.0.0.5
IBM Security Access Manager for Web 8.0 firmware	=8.0.1.0
IBM Security Access Manager for Web 8.0 firmware	=8.0.1.2
IBM Security Access Manager for Web 8.0 firmware	=8.0.1.3
IBM Security Access Manager for Web 8.0 firmware	=8.0.1.4
IBM Security Access Manager for Mobile Appliance	=8.0
IBM Security Access Manager for Web appliance	=7.0
IBM Security Access Manager for Web appliance	=8.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-3021?
CVE-2016-3021 has a medium severity rating as it allows authenticated attackers to access sensitive information through crafted HTTP requests.
How do I fix CVE-2016-3021?
To fix CVE-2016-3021, apply the latest patches provided by IBM for affected versions of IBM Security Access Manager.
Which versions are affected by CVE-2016-3021?
CVE-2016-3021 affects IBM Security Access Manager for Web versions 7.0.0.1 to 7.0.0.16 and 8.0.0.1 to 8.0.1.4, as well as IBM Security Access Manager for Mobile versions 8.0.0.1 to 8.0.1.4.
What type of attacks exploit CVE-2016-3021?
CVE-2016-3021 can be exploited by authenticated users to extract sensitive information from system error messages.
Is CVE-2016-3021 a remote or local vulnerability?
CVE-2016-3021 is considered a local vulnerability since it requires authentication to exploit.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/weakness
agent/author
agent/first-publish-date
agent/event
agent/description
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm security access manager 9.0
version/ibm security access manager 9.0/9.0.0
version/ibm security access manager 9.0/9.0.0.1
version/ibm security access manager 9.0/9.0.1.0
canonical/ibm security access manager for mobile
version/ibm security access manager for mobile/8.0.0.1
version/ibm security access manager for mobile/8.0.0.2
version/ibm security access manager for mobile/8.0.0.3
version/ibm security access manager for mobile/8.0.0.5
version/ibm security access manager for mobile/8.0.1.0
version/ibm security access manager for mobile/8.0.1.2
version/ibm security access manager for mobile/8.0.1.3
version/ibm security access manager for mobile/8.0.1.4
canonical/ibm security access manager for web 7.0 firmware
version/ibm security access manager for web 7.0 firmware/7.0.0.1
version/ibm security access manager for web 7.0 firmware/7.0.0.2
version/ibm security access manager for web 7.0 firmware/7.0.0.3
version/ibm security access manager for web 7.0 firmware/7.0.0.4
version/ibm security access manager for web 7.0 firmware/7.0.0.5
version/ibm security access manager for web 7.0 firmware/7.0.0.6
version/ibm security access manager for web 7.0 firmware/7.0.0.7
version/ibm security access manager for web 7.0 firmware/7.0.0.8
version/ibm security access manager for web 7.0 firmware/7.0.0.9
version/ibm security access manager for web 7.0 firmware/7.0.0.10
version/ibm security access manager for web 7.0 firmware/7.0.0.11
version/ibm security access manager for web 7.0 firmware/7.0.0.12
version/ibm security access manager for web 7.0 firmware/7.0.0.13
version/ibm security access manager for web 7.0 firmware/7.0.0.14
version/ibm security access manager for web 7.0 firmware/7.0.0.15
version/ibm security access manager for web 7.0 firmware/7.0.0.16
canonical/ibm security access manager for web 8.0 firmware
version/ibm security access manager for web 8.0 firmware/8.0.0.1
version/ibm security access manager for web 8.0 firmware/8.0.0.2
version/ibm security access manager for web 8.0 firmware/8.0.0.3
version/ibm security access manager for web 8.0 firmware/8.0.0.5
version/ibm security access manager for web 8.0 firmware/8.0.1.0
version/ibm security access manager for web 8.0 firmware/8.0.1.2
version/ibm security access manager for web 8.0 firmware/8.0.1.3
version/ibm security access manager for web 8.0 firmware/8.0.1.4
canonical/ibm security access manager for mobile appliance
version/ibm security access manager for mobile appliance/8.0
canonical/ibm security access manager for web appliance
version/ibm security access manager for web appliance/7.0
version/ibm security access manager for web appliance/8.0