What is the severity of CVE-2016-3027?

CVE-2016-3027 has a medium severity rating due to its potential for denial of service and exposure of sensitive information.

How do I fix CVE-2016-3027?

To fix CVE-2016-3027, apply the latest security patches from IBM for the affected versions of IBM Security Access Manager.

What systems are affected by CVE-2016-3027?

CVE-2016-3027 affects IBM Security Access Manager for Web versions 8.0.0 to 8.0.1.4 and IBM Security Access Manager for Mobile versions 8.0.0.1 to 8.0.1.4.

Can CVE-2016-3027 lead to data loss?

Yes, CVE-2016-3027 could potentially lead to data loss if exploited to exhaust memory resources.

Is CVE-2016-3027 being actively exploited?

As of the last updates, there were no public reports confirming active exploitation of CVE-2016-3027.

Vulnerability/
CVE-2016-3027

medium

6.5

CWE

611

1/2/2017

5/8/2024

CVE-2016-3027: XEE

First published: Wed Feb 01 2017(Updated: 8 months ago)

IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Security Access Manager 9.0	=9.0.0
IBM Security Access Manager 9.0	=9.0.0.1
IBM Security Access Manager 9.0	=9.0.1.0
IBM Security Access Manager for Mobile	=8.0.0.1
IBM Security Access Manager for Mobile	=8.0.0.2
IBM Security Access Manager for Mobile	=8.0.0.3
IBM Security Access Manager for Mobile	=8.0.0.5
IBM Security Access Manager for Mobile	=8.0.1.0
IBM Security Access Manager for Mobile	=8.0.1.2
IBM Security Access Manager for Mobile	=8.0.1.3
IBM Security Access Manager for Mobile	=8.0.1.4
IBM Security Access Manager for Web 8.0	=8.0.0.1
IBM Security Access Manager for Web 8.0	=8.0.0.2
IBM Security Access Manager for Web 8.0	=8.0.0.3
IBM Security Access Manager for Web 8.0	=8.0.0.5
IBM Security Access Manager for Web 8.0	=8.0.1.0
IBM Security Access Manager for Web 8.0	=8.0.1.2
IBM Security Access Manager for Web 8.0	=8.0.1.3
IBM Security Access Manager for Web 8.0	=8.0.1.4
IBM Security Access Manager	=8.0
IBM Security Access Manager for Web Appliance	=8.0

Remedy

http://www.ibm.com/support/docview.wss?uid=swg21994440

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-3027?
CVE-2016-3027 has a medium severity rating due to its potential for denial of service and exposure of sensitive information.
How do I fix CVE-2016-3027?
To fix CVE-2016-3027, apply the latest security patches from IBM for the affected versions of IBM Security Access Manager.
What systems are affected by CVE-2016-3027?
CVE-2016-3027 affects IBM Security Access Manager for Web versions 8.0.0 to 8.0.1.4 and IBM Security Access Manager for Mobile versions 8.0.0.1 to 8.0.1.4.
Can CVE-2016-3027 lead to data loss?
Yes, CVE-2016-3027 could potentially lead to data loss if exploited to exhaust memory resources.
Is CVE-2016-3027 being actively exploited?
As of the last updates, there were no public reports confirming active exploitation of CVE-2016-3027.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/remedy
agent/weakness
agent/author
agent/first-publish-date
agent/event
agent/description
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm security access manager 9.0
version/ibm security access manager 9.0/9.0.0
version/ibm security access manager 9.0/9.0.0.1
version/ibm security access manager 9.0/9.0.1.0
canonical/ibm security access manager for mobile
version/ibm security access manager for mobile/8.0.0.1
version/ibm security access manager for mobile/8.0.0.2
version/ibm security access manager for mobile/8.0.0.3
version/ibm security access manager for mobile/8.0.0.5
version/ibm security access manager for mobile/8.0.1.0
version/ibm security access manager for mobile/8.0.1.2
version/ibm security access manager for mobile/8.0.1.3
version/ibm security access manager for mobile/8.0.1.4
canonical/ibm security access manager for web 8.0
version/ibm security access manager for web 8.0/8.0.0.1
version/ibm security access manager for web 8.0/8.0.0.2
version/ibm security access manager for web 8.0/8.0.0.3
version/ibm security access manager for web 8.0/8.0.0.5
version/ibm security access manager for web 8.0/8.0.1.0
version/ibm security access manager for web 8.0/8.0.1.2
version/ibm security access manager for web 8.0/8.0.1.3
version/ibm security access manager for web 8.0/8.0.1.4
canonical/ibm security access manager
version/ibm security access manager/8.0
canonical/ibm security access manager for web appliance
version/ibm security access manager for web appliance/8.0