CVE-2016-3029: CSRF

First published: Wed Feb 01 2017(Updated: )

IBM Security Access Manager for Web is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
Ibm Security Access Manager 9.0 Firmware	=9.0.0
Ibm Security Access Manager 9.0 Firmware	=9.0.0.1
Ibm Security Access Manager 9.0 Firmware	=9.0.1.0
Ibm Security Access Manager For Mobile 8.0 Firmware	=8.0.0.1
Ibm Security Access Manager For Mobile 8.0 Firmware	=8.0.0.2
Ibm Security Access Manager For Mobile 8.0 Firmware	=8.0.0.3
Ibm Security Access Manager For Mobile 8.0 Firmware	=8.0.0.5
Ibm Security Access Manager For Mobile 8.0 Firmware	=8.0.1.0
Ibm Security Access Manager For Mobile 8.0 Firmware	=8.0.1.2
Ibm Security Access Manager For Mobile 8.0 Firmware	=8.0.1.3
Ibm Security Access Manager For Mobile 8.0 Firmware	=8.0.1.4
Ibm Security Access Manager For Web 8.0 Firmware	=8.0.0.1
Ibm Security Access Manager For Web 8.0 Firmware	=8.0.0.2
Ibm Security Access Manager For Web 8.0 Firmware	=8.0.0.3
Ibm Security Access Manager For Web 8.0 Firmware	=8.0.0.5
Ibm Security Access Manager For Web 8.0 Firmware	=8.0.1.0
Ibm Security Access Manager For Web 8.0 Firmware	=8.0.1.2
Ibm Security Access Manager For Web 8.0 Firmware	=8.0.1.3
Ibm Security Access Manager For Web 8.0 Firmware	=8.0.1.4
Ibm Security Access Manager For Mobile Appliance	=8.0
Ibm Security Access Manager For Web Appliance	=8.0

Remedy

http://www.ibm.com/support/docview.wss?uid=swg21995345

Never miss a vulnerability like this again

Reference Links

collector/nvd-index
agent/weakness
agent/references
agent/severity
agent/author
agent/tags
agent/type
agent/description
agent/event
agent/first-publish-date
agent/softwarecombine
agent/last-modified-date
agent/remedy
collector/mitre-cve
source/MITRE
vendor/ibm
canonical/ibm security access manager 9.0 firmware
version/ibm security access manager 9.0 firmware/9.0.0
version/ibm security access manager 9.0 firmware/9.0.0.1
version/ibm security access manager 9.0 firmware/9.0.1.0
canonical/ibm security access manager for mobile 8.0 firmware
version/ibm security access manager for mobile 8.0 firmware/8.0.0.1
version/ibm security access manager for mobile 8.0 firmware/8.0.0.2
version/ibm security access manager for mobile 8.0 firmware/8.0.0.3
version/ibm security access manager for mobile 8.0 firmware/8.0.0.5
version/ibm security access manager for mobile 8.0 firmware/8.0.1.0
version/ibm security access manager for mobile 8.0 firmware/8.0.1.2
version/ibm security access manager for mobile 8.0 firmware/8.0.1.3
version/ibm security access manager for mobile 8.0 firmware/8.0.1.4
canonical/ibm security access manager for web 8.0 firmware
version/ibm security access manager for web 8.0 firmware/8.0.0.1
version/ibm security access manager for web 8.0 firmware/8.0.0.2
version/ibm security access manager for web 8.0 firmware/8.0.0.3
version/ibm security access manager for web 8.0 firmware/8.0.0.5
version/ibm security access manager for web 8.0 firmware/8.0.1.0
version/ibm security access manager for web 8.0 firmware/8.0.1.2
version/ibm security access manager for web 8.0 firmware/8.0.1.3
version/ibm security access manager for web 8.0 firmware/8.0.1.4
canonical/ibm security access manager for mobile appliance
version/ibm security access manager for mobile appliance/8.0
canonical/ibm security access manager for web appliance
version/ibm security access manager for web appliance/8.0

CVE-2016-3029: CSRF

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact