What is the severity of CVE-2016-3029?

CVE-2016-3029 has a high severity rating due to the potential for unauthorized actions being executed by an attacker.

How do I fix CVE-2016-3029?

To mitigate the risk from CVE-2016-3029, users should apply the latest security patches provided by IBM for all affected versions.

Which IBM products are affected by CVE-2016-3029?

CVE-2016-3029 affects IBM Security Access Manager for Web and IBM Security Access Manager for Mobile versions specified in the CVE.

What type of vulnerability is CVE-2016-3029?

CVE-2016-3029 is classified as a cross-site request forgery (CSRF) vulnerability.

Can I determine if my system is vulnerable to CVE-2016-3029?

If you are using any affected versions of IBM Security Access Manager for Web or Mobile, your system is potentially vulnerable to CVE-2016-3029.

Vulnerability/
CVE-2016-3029

high

8.8

CWE

352

1/2/2017

5/8/2024

CVE-2016-3029: CSRF

First published: Wed Feb 01 2017(Updated: )

IBM Security Access Manager for Web is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Security Access Manager 9.0	=9.0.0
IBM Security Access Manager 9.0	=9.0.0.1
IBM Security Access Manager 9.0	=9.0.1.0
IBM Security Access Manager for Mobile	=8.0.0.1
IBM Security Access Manager for Mobile	=8.0.0.2
IBM Security Access Manager for Mobile	=8.0.0.3
IBM Security Access Manager for Mobile	=8.0.0.5
IBM Security Access Manager for Mobile	=8.0.1.0
IBM Security Access Manager for Mobile	=8.0.1.2
IBM Security Access Manager for Mobile	=8.0.1.3
IBM Security Access Manager for Mobile	=8.0.1.4
IBM Security Access Manager for Web 8.0	=8.0.0.1
IBM Security Access Manager for Web 8.0	=8.0.0.2
IBM Security Access Manager for Web 8.0	=8.0.0.3
IBM Security Access Manager for Web 8.0	=8.0.0.5
IBM Security Access Manager for Web 8.0	=8.0.1.0
IBM Security Access Manager for Web 8.0	=8.0.1.2
IBM Security Access Manager for Web 8.0	=8.0.1.3
IBM Security Access Manager for Web 8.0	=8.0.1.4
IBM Security Access Manager for Mobile Appliance	=8.0
IBM Security Access Manager for Web	=8.0

Remedy

http://www.ibm.com/support/docview.wss?uid=swg21995345

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-3029?
CVE-2016-3029 has a high severity rating due to the potential for unauthorized actions being executed by an attacker.
How do I fix CVE-2016-3029?
To mitigate the risk from CVE-2016-3029, users should apply the latest security patches provided by IBM for all affected versions.
Which IBM products are affected by CVE-2016-3029?
CVE-2016-3029 affects IBM Security Access Manager for Web and IBM Security Access Manager for Mobile versions specified in the CVE.
What type of vulnerability is CVE-2016-3029?
CVE-2016-3029 is classified as a cross-site request forgery (CSRF) vulnerability.
Can I determine if my system is vulnerable to CVE-2016-3029?
If you are using any affected versions of IBM Security Access Manager for Web or Mobile, your system is potentially vulnerable to CVE-2016-3029.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/remedy
agent/weakness
agent/author
agent/first-publish-date
agent/event
agent/description
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm security access manager 9.0
version/ibm security access manager 9.0/9.0.0
version/ibm security access manager 9.0/9.0.0.1
version/ibm security access manager 9.0/9.0.1.0
canonical/ibm security access manager for mobile
version/ibm security access manager for mobile/8.0.0.1
version/ibm security access manager for mobile/8.0.0.2
version/ibm security access manager for mobile/8.0.0.3
version/ibm security access manager for mobile/8.0.0.5
version/ibm security access manager for mobile/8.0.1.0
version/ibm security access manager for mobile/8.0.1.2
version/ibm security access manager for mobile/8.0.1.3
version/ibm security access manager for mobile/8.0.1.4
canonical/ibm security access manager for web 8.0
version/ibm security access manager for web 8.0/8.0.0.1
version/ibm security access manager for web 8.0/8.0.0.2
version/ibm security access manager for web 8.0/8.0.0.3
version/ibm security access manager for web 8.0/8.0.0.5
version/ibm security access manager for web 8.0/8.0.1.0
version/ibm security access manager for web 8.0/8.0.1.2
version/ibm security access manager for web 8.0/8.0.1.3
version/ibm security access manager for web 8.0/8.0.1.4
canonical/ibm security access manager for mobile appliance
version/ibm security access manager for mobile appliance/8.0
canonical/ibm security access manager for web
version/ibm security access manager for web/8.0