A vulnerability in postgreSQL affects IBM Security Access Manager version 9.
CVEID: CVE-2015-5288**
DESCRIPTION:** PostgreSQL could allow a remote attacker to obtain sensitive information, caused by an error in the crypt() function included with the optional pgCrypto extension. By sending specially-crafted data, a remote attacker could exploit this vulnerability to read portions of memory.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107026 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
IBM Security Access Manager 9.0, all firmware versions
Follow the installation instructions in the README files included with the patch.
Product | VRMF | APAR | Remediation |
---|---|---|---|
IBM Security Access Manager | 9.0 | IV86697 | 1. For versions prior to 9.0.1.0, upgrade to 9.0.1.0: |
IBM Security Access Manager V9.0.1 Multiplatform, Multilingual (CRW4EML) | |||
2. Apply 9.0.1.0 Interim Fix 2: | |||
9.0.1.0-ISS-ISAM-IF0002 |
None.
CPE | Name | Operator | Version |
---|---|---|---|
ibm security access manager | eq | 9.0 | |
ibm security access manager | eq | 9.0.0.1 | |
ibm security access manager | eq | 9.0.1 |