CVE-2016-3045

low

Published 2017-02-01 · Modified 2026-05-13

CVSS v3

3.7

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2

4.3

VIR risk

3.7

Description

IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history.

Predictions

Exploit likelihood

47%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=swg21995435

Application impact

Vendor	Product	Versions
ibm	security_access_manager	`9.0.0`
ibm	security_access_manager	`9.0.0.1`
ibm	security_access_manager	`9.0.1.0`
ibm	security_access_manager_for_mobile	`8.0.0.0`
ibm	security_access_manager_for_mobile	`8.0.0.5`
ibm	security_access_manager_for_mobile	`8.0.1`
ibm	security_access_manager_for_mobile	`8.0.1.2`
ibm	security_access_manager_for_mobile	`8.0.1.3`
ibm	security_access_manager_for_mobile	`8.0.1.4`
ibm	security_access_manager_for_web	`7.0.0`
ibm	security_access_manager_for_web	`8.0.0`
ibm	security_access_manager_for_web	`8.0.1`
ibm	security_access_manager_for_web	`8.0.1.1`
ibm	security_access_manager_for_web	`8.0.1.2`
ibm	security_access_manager_for_web	`8.0.1.3`
ibm	security_access_manager_for_web	`8.0.1.4`

References

CWEs

CWE-200

Verify integrity in audit chain (admin only). AS-IS.