Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2017
CVE-2016-2987
An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker.
CVSS Score
4.3
EPSS Score
0.002
Published
2017-02-01
CVE-2016-3016
IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code.
CVSS Score
4.4
EPSS Score
0.001
Published
2017-02-01
CVE-2016-3017
IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security misconfigurations.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-02-01
CVE-2016-3018
IBM Security Access Manager for Web is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-02-01
CVE-2016-3021
IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request.
CVSS Score
2.7
EPSS Score
0.001
Published
2017-02-01
CVE-2016-3022
IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions.
CVSS Score
6.5
EPSS Score
0.002
Published
2017-02-01
CVE-2016-3023
IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names.
CVSS Score
5.3
EPSS Score
0.003
Published
2017-02-01
CVE-2016-3024
IBM Security Access Manager for Web allows web pages to be stored locally which can be read by another user on the system.
CVSS Score
4.0
EPSS Score
0.001
Published
2017-02-01
CVE-2016-3027
IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources.
CVSS Score
6.5
EPSS Score
0.006
Published
2017-02-01
CVE-2016-3029
IBM Security Access Manager for Web is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVSS Score
8.8
EPSS Score
0.002
Published
2017-02-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved