What is the severity of CVE-2016-3045?

CVE-2016-3045 is rated as a medium severity vulnerability due to potential information disclosure risks.

How do I fix CVE-2016-3045?

To fix CVE-2016-3045, ensure that sensitive information is not transmitted via URL parameters and implement access controls for server logs.

What is affected by CVE-2016-3045?

CVE-2016-3045 affects multiple versions of IBM Security Access Manager for Web and IBM Security Access Manager for Mobile.

What are the potential risks of CVE-2016-3045?

The potential risks of CVE-2016-3045 include unauthorized access to sensitive information through server logs, referer headers, or browser history.

Is there a workaround for CVE-2016-3045?

A possible workaround for CVE-2016-3045 is to avoid using URL parameters for sensitive information and promote secure coding practices.

Vulnerability/
CVE-2016-3045

medium

4.3

CWE

200

1/2/2017

5/8/2024

CVE-2016-3045: Infoleak

First published: Wed Feb 01 2017(Updated: )

IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Security Access Manager Appliance	=9.0.0
IBM Security Access Manager Appliance	=9.0.0.1
IBM Security Access Manager Appliance	=9.0.1.0
IBM Security Access Manager for Mobile	=8.0.0.0
IBM Security Access Manager for Mobile	=8.0.0.5
IBM Security Access Manager for Mobile	=8.0.1
IBM Security Access Manager for Mobile	=8.0.1.2
IBM Security Access Manager for Mobile	=8.0.1.3
IBM Security Access Manager for Mobile	=8.0.1.4
IBM Security Access Manager	=7.0.0
IBM Security Access Manager	=8.0.0
IBM Security Access Manager	=8.0.1
IBM Security Access Manager	=8.0.1.1
IBM Security Access Manager	=8.0.1.2
IBM Security Access Manager	=8.0.1.3
IBM Security Access Manager	=8.0.1.4

Remedy

http://www.ibm.com/support/docview.wss?uid=swg21995435

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-3045?
CVE-2016-3045 is rated as a medium severity vulnerability due to potential information disclosure risks.
How do I fix CVE-2016-3045?
To fix CVE-2016-3045, ensure that sensitive information is not transmitted via URL parameters and implement access controls for server logs.
What is affected by CVE-2016-3045?
CVE-2016-3045 affects multiple versions of IBM Security Access Manager for Web and IBM Security Access Manager for Mobile.
What are the potential risks of CVE-2016-3045?
The potential risks of CVE-2016-3045 include unauthorized access to sensitive information through server logs, referer headers, or browser history.
Is there a workaround for CVE-2016-3045?
A possible workaround for CVE-2016-3045 is to avoid using URL parameters for sensitive information and promote secure coding practices.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/remedy
agent/last-modified-date
agent/author
agent/severity
agent/description
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm security access manager appliance
version/ibm security access manager appliance/9.0.0
version/ibm security access manager appliance/9.0.0.1
version/ibm security access manager appliance/9.0.1.0
canonical/ibm security access manager for mobile
version/ibm security access manager for mobile/8.0.0.0
version/ibm security access manager for mobile/8.0.0.5
version/ibm security access manager for mobile/8.0.1
version/ibm security access manager for mobile/8.0.1.2
version/ibm security access manager for mobile/8.0.1.3
version/ibm security access manager for mobile/8.0.1.4
canonical/ibm security access manager
version/ibm security access manager/7.0.0
version/ibm security access manager/8.0.0
version/ibm security access manager/8.0.1
version/ibm security access manager/8.0.1.1
version/ibm security access manager/8.0.1.2
version/ibm security access manager/8.0.1.3
version/ibm security access manager/8.0.1.4