CVE-2016-3043 - Vulnerability Details

Vendors	Products
Ibm	Security Access Manager 9.0 Firmware Security Access Manager For Mobile Security Access Manager For Mobile Appliance Security Access Manager For Web 7.0 Firmware Security Access Manager For Web 8.0 Firmware Security Access Manager For Web Appliance

Link	Providers
http://www.ibm.com/support/docview.wss?uid=swg21995446
http://www.securityfocus.com/bid/95107

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Access Manager", "vendor": "IBM Corporation", "versions": [{"status": "affected", "version": "9.0"}, {"status": "affected", "version": "9.0.0.1"}, {"status": "affected", "version": "9.0.1"}, {"status": "affected", "version": "7.0.0"}, {"status": "affected", "version": "8.0.0"}, {"status": "affected", "version": "8.0.0.1"}, {"status": "affected", "version": "8.0.0.2"}, {"status": "affected", "version": "8.0.0.3"}, {"status": "affected", "version": "8.0.0.4"}, {"status": "affected", "version": "8.0.0.5"}, {"status": "affected", "version": "8.0.1"}, {"status": "affected", "version": "8.0.1.2"}, {"status": "affected", "version": "8.0.1.3"}, {"status": "affected", "version": "8.0.1.4"}, {"status": "affected", "version": "9.0.0"}, {"status": "affected", "version": "9.0.1.0"}]}], "datePublic": "2017-02-01T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques."}], "problemTypes": [{"descriptions": [{"description": "Obtain Information", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-02-02T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.ibm.com/support/docview.wss?uid=swg21995446"}, {"name": "95107", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/95107"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-3043", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Access Manager", "version": {"version_data": [{"version_value": "9.0"}, {"version_value": "9.0.0.1"}, {"version_value": "9.0.1"}, {"version_value": "7.0.0"}, {"version_value": "8.0.0"}, {"version_value": "8.0.0.1"}, {"version_value": "8.0.0.2"}, {"version_value": "8.0.0.3"}, {"version_value": "8.0.0.4"}, {"version_value": "8.0.0.5"}, {"version_value": "8.0.1"}, {"version_value": "8.0.1.2"}, {"version_value": "8.0.1.3"}, {"version_value": "8.0.1.4"}, {"version_value": "9.0.0"}, {"version_value": "9.0.1.0"}]}}]}, "vendor_name": "IBM Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Obtain Information"}]}]}, "references": {"reference_data": [{"name": "http://www.ibm.com/support/docview.wss?uid=swg21995446", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21995446"}, {"name": "95107", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95107"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:40:15.129Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=swg21995446"}, {"name": "95107", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/95107"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-3043", "datePublished": "2017-02-01T20:00:00", "dateReserved": "2016-03-09T00:00:00", "dateUpdated": "2024-08-05T23:40:15.129Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Access Manager (string)

vendor : IBM Corporation (string)

versions : [ »

0 : { »

status : affected (string)

version : 9.0 (string)

}

1 : { »

status : affected (string)

version : 9.0.0.1 (string)

}

2 : { »

status : affected (string)

version : 9.0.1 (string)

}

3 : { »

status : affected (string)

version : 7.0.0 (string)

}

4 : { »

status : affected (string)

version : 8.0.0 (string)

}

5 : { »

status : affected (string)

version : 8.0.0.1 (string)

}

6 : { »

status : affected (string)

version : 8.0.0.2 (string)

}

7 : { »

status : affected (string)

version : 8.0.0.3 (string)

}

8 : { »

status : affected (string)

version : 8.0.0.4 (string)

}

9 : { »

status : affected (string)

version : 8.0.0.5 (string)

}

10 : { »

status : affected (string)

version : 8.0.1 (string)

}

11 : { »

status : affected (string)

version : 8.0.1.2 (string)

}

12 : { »

status : affected (string)

version : 8.0.1.3 (string)

}

13 : { »

status : affected (string)

version : 8.0.1.4 (string)

}

14 : { »

status : affected (string)

version : 9.0.0 (string)

}

15 : { »

status : affected (string)

version : 9.0.1.0 (string)

}

]

}

]

datePublic : 2017-02-01T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Obtain Information (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-02-02T10:57:01 (string)

orgId : 9a959283-ebb5-44b6-b705-dcc2bbced522 (string)

shortName : ibm (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.ibm.com/support/docview.wss?uid=swg21995446 (string)

}

1 : { »

name : 95107 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/95107 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@us.ibm.com (string)

ID : CVE-2016-3043 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Access Manager (string)

version : { »

version_data : [ »

0 : { »

version_value : 9.0 (string)

}

1 : { »

version_value : 9.0.0.1 (string)

}

2 : { »

version_value : 9.0.1 (string)

}

3 : { »

version_value : 7.0.0 (string)

}

4 : { »

version_value : 8.0.0 (string)

}

5 : { »

version_value : 8.0.0.1 (string)

}

6 : { »

version_value : 8.0.0.2 (string)

}

7 : { »

version_value : 8.0.0.3 (string)

}

8 : { »

version_value : 8.0.0.4 (string)

}

9 : { »

version_value : 8.0.0.5 (string)

}

10 : { »

version_value : 8.0.1 (string)

}

11 : { »

version_value : 8.0.1.2 (string)

}

12 : { »

version_value : 8.0.1.3 (string)

}

13 : { »

version_value : 8.0.1.4 (string)

}

14 : { »

version_value : 9.0.0 (string)

}

15 : { »

version_value : 9.0.1.0 (string)

}

]

}

]

}

vendor_name : IBM Corporation (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Obtain Information (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : http://www.ibm.com/support/docview.wss?uid=swg21995446 (string)

refsource : CONFIRM (string)

url : http://www.ibm.com/support/docview.wss?uid=swg21995446 (string)

}

1 : { »

name : 95107 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/95107 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T23:40:15.129Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.ibm.com/support/docview.wss?uid=swg21995446 (string)

}

1 : { »

name : 95107 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/95107 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 9a959283-ebb5-44b6-b705-dcc2bbced522 (string)

assignerShortName : ibm (string)

cveId : CVE-2016-3043 (string)

datePublished : 2017-02-01T20:00:00 (string)

dateReserved : 2016-03-09T00:00:00 (string)

dateUpdated : 2024-08-05T23:40:15.129Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A5ACB34-BC23-4175-9F6A-91FB6762A040", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7844D23-8DAB-4A9A-B0D4-734DF8FBFE02", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "35BD8955-4735-4FDC-906A-B404C4E36417", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C5EBB4D-36F8-453C-9D2C-A63490144596", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:*:*:*:*:*:*:*:*", "matchCriteriaId": "6921A2CC-67D0-41B5-908B-F002C14AFD70", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "506C4B29-BC71-4C56-BAB1-06E63BEB1DD3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:security_access_manager_9.0_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5B95177-2AA3-45D4-895D-56CA35B32813", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques."}, {"lang": "es", "value": "IBM Security Access Manager para Web podr\u00eda permitir a un atacante remoto obtener informaci\u00f3n sensible, causada por el error de habilitar correctamente HTTP Strict Transport Security. Un atacante podr\u00eda explotar esta vulnerabilidad para obtener informaci\u00f3n sensible utilizando t\u00e9cnicas man-in-the-middle."}], "id": "CVE-2016-3043", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-02-01T20:59:00.770", "references": [{"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=swg21995446"}, {"source": "psirt@us.ibm.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95107"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=swg21995446"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95107"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 5A5ACB34-BC23-4175-9F6A-91FB6762A040 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : A7844D23-8DAB-4A9A-B0D4-734DF8FBFE02 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 35BD8955-4735-4FDC-906A-B404C4E36417 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 1C5EBB4D-36F8-453C-9D2C-A63490144596 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:ibm:security_access_manager_for_mobile:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 6921A2CC-67D0-41B5-908B-F002C14AFD70 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:8.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 506C4B29-BC71-4C56-BAB1-06E63BEB1DD3 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_9.0_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : F5B95177-2AA3-45D4-895D-56CA35B32813 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. (string)

}

1 : { »

lang : es (string)

value : IBM Security Access Manager para Web podría permitir a un atacante remoto obtener información sensible, causada por el error de habilitar correctamente HTTP Strict Transport Security. Un atacante podría explotar esta vulnerabilidad para obtener información sensible utilizando técnicas man-in-the-middle. (string)

}

]

id : CVE-2016-3043 (string)

lastModified : 2025-04-20T01:37:25.860 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 4.3 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:M/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : HIGH (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 5.9 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.0 (string)

}

exploitabilityScore : 2.2 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2017-02-01T20:59:00.770 (string)

references : [ »

0 : { »

source : psirt@us.ibm.com (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://www.ibm.com/support/docview.wss?uid=swg21995446 (string)

}

1 : { »

source : psirt@us.ibm.com (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/95107 (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://www.ibm.com/support/docview.wss?uid=swg21995446 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/95107 (string)

}

]

sourceIdentifier : psirt@us.ibm.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-200 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object