CVE-2016-3019
medium
CVSS v3
6.5
CVSS v2
4.0
VIR risk
6.5
Description
IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 114462.
Predictions
Exploit likelihood
75%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — https://exchange.xforce.ibmcloud.com/vulnerabilities/114462
Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=swg21988419
References
- http://www.ibm.com/support/docview.wss?uid=swg21988419
- http://www.securityfocus.com/bid/98832
- http://www.securitytracker.com/id/1038616
- https://exchange.xforce.ibmcloud.com/vulnerabilities/114462
- http://www.ibm.com/support/docview.wss?uid=swg21988419
- http://www.securityfocus.com/bid/98832
- http://www.securitytracker.com/id/1038616
- https://exchange.xforce.ibmcloud.com/vulnerabilities/114462
CWEs
CWE-326
Verify integrity in audit chain (admin only). AS-IS.