CVE-2016-3025
First published: Fri Nov 25 2016(Updated: )
IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Access Manager | =9.0.0 | |
| Oracle Access Manager | =9.0.0.1 | |
| Oracle Access Manager | =9.0.1.0 | |
| IBM Security Access Manager for Mobile | =8.0.0.0 | |
| IBM Security Access Manager for Mobile | =8.0.0.1 | |
| IBM Security Access Manager for Mobile | =8.0.0.2 | |
| IBM Security Access Manager for Mobile | =8.0.0.3 | |
| IBM Security Access Manager for Mobile | =8.0.0.4 | |
| IBM Security Access Manager for Mobile | =8.0.0.5 | |
| IBM Security Access Manager for Mobile | =8.0.1 | |
| IBM Security Access Manager for Mobile | =8.0.1.2 | |
| IBM Security Access Manager for Mobile | =8.0.1.3 | |
| IBM Security Access Manager for Mobile | =8.0.1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-3025?
CVE-2016-3025 is classified as a medium severity vulnerability due to its potential for exploitation through brute-force attacks.
How do I fix CVE-2016-3025?
To fix CVE-2016-3025, update your IBM Security Access Manager for Mobile or Security Access Manager to versions 8.0.1.4 IF3 or 9.0.1.0 IF5 or later.
Which versions are affected by CVE-2016-3025?
Versions of IBM Security Access Manager for Mobile prior to 8.0.1.4 IF3 and Security Access Manager versions before 9.0.1.0 IF5 are affected by CVE-2016-3025.
What type of attack does CVE-2016-3025 enable?
CVE-2016-3025 allows remote attackers to perform brute-force attacks due to insufficient restrictions on failed login attempts.
Is there a workaround for CVE-2016-3025?
There are no specific workarounds for CVE-2016-3025, and upgrading to the patched versions is the recommended mitigation.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/oracle access manager
- version/oracle access manager/9.0.0
- version/oracle access manager/9.0.0.1
- version/oracle access manager/9.0.1.0
- canonical/ibm security access manager for mobile
- version/ibm security access manager for mobile/8.0.0.0
- version/ibm security access manager for mobile/8.0.0.1
- version/ibm security access manager for mobile/8.0.0.2
- version/ibm security access manager for mobile/8.0.0.3
- version/ibm security access manager for mobile/8.0.0.4
- version/ibm security access manager for mobile/8.0.0.5
- version/ibm security access manager for mobile/8.0.1
- version/ibm security access manager for mobile/8.0.1.2
- version/ibm security access manager for mobile/8.0.1.3
- version/ibm security access manager for mobile/8.0.1.4