Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM9196B586E37F97C5C25F9D1D875117C2D9857DDCE95D8820B77DAD6F1C216C6A
HistoryJun 16, 2018 - 9:42 p.m.

Security Bulletin: IBM Security Access Manager for Mobile is affected by a vulnerability in nss-util (CVE-2016-1950)

2018-06-1621:42:32
www.ibm.com
29

0.01 Low

EPSS

Percentile

83.7%

JSON

Summary

Network Security Services (NSS), which is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

A heap-based buffer overflow vulnerability in the NSS libraries affects IBM Security Access Manager for Mobile.

Vulnerability Details

CVEID: CVE-2016-1950**
DESCRIPTION:** Mozilla Firefox is vulnerable to a heap-based buffer overflow, caused by improper bounds checking when the Network Security Services (NSS) libraries parsed certain ASN.1 structures. By persuading a victim to open a specially crafted certificate, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111360 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM Security Access Manager for Mobile 8.0, all firmware versions

IBM Security Access Manager 9.0, all firmware versions

Remediation/Fixes

The table below provides links to patches for all affected versions. Follow the installation instructions in the README file included with the patch.

Product VRMF APAR Remediation
IBM Security Access Manager for Mobile 8.0.0.0 -
8.0.1.3 IV84752 Upgrade to 8.0.1.4:
8.0.1-ISS-ISAM-FP0004
IBM Security Access Manager 9.0 IV84714 Upgrade to 9.0.1.0:
IBM Security Access Manager V9.0.1 Multiplatform, Multilingual (CRW4EML)

Related

redhat 3
cve 1
centos 2
nvd 1
debiancve 1
openvas 45
f5 2
nessus 46
cvelist 1
ibm 6
oraclelinux 4
amazon 1
mageia 2
ubuntu 5
veracode 1
prion 1
mozilla 1
ubuntucve 1
freebsd 1
googleprojectzero 1
symantec 1
osv 3
debian 4
suse 9
apple 8
kaspersky 1
gentoo 1
oracle 3
redhat
redhat
(RHSA-2016:0371) Critical: nss security update
2016-03-09 00:00:00
(RHSA-2016:0495) Critical: nss-util security update
2016-03-23 00:00:00
(RHSA-2016:0370) Critical: nss-util security update
2016-03-09 00:00:00
cve
cve
CVE-2016-1950
2016-03-13 18:59:00
centos
centos
nss security update
2016-03-09 05:42:52
nss security update
2016-03-09 05:32:53
nvd
nvd
CVE-2016-1950
2016-03-13 18:59:00
debiancve
debiancve
CVE-2016-1950
2016-03-13 18:59:00
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2016-35) - Linux
2021-11-08 00:00:00
Oracle: Security Advisory (ELSA-2016-0371)
2016-03-11 00:00:00
CentOS Update for nss CESA-2016:0371 centos5
2016-03-10 00:00:00
f5
f5
K91100352 : Mozilla NSS vulnerability CVE-2016-1950
2016-04-13 00:00:00
SOL91100352 - Mozilla NSS vulnerability CVE-2016-1950
2016-04-13 00:00:00
nessus
nessus
CentOS 5 : nss (CESA-2016:0371)
2016-03-09 00:00:00
RHEL 6 / 7 : nss-util (RHSA-2016:0370)
2016-03-09 00:00:00
RHEL 5 : nss (RHSA-2016:0371)
2016-03-09 00:00:00
cvelist
cvelist
CVE-2016-1950
2016-03-13 18:00:00
ibm
ibm
Security Bulletin: Vulnerability in Network Security Services (NSS) affects IBM MQ Appliance (CVE-2016-1950)
2018-06-15 07:05:23
Security Bulletin: A vulnerability in nss-util affects PowerKVM (CVE-2016-1950)
2018-06-18 01:30:51
Security Bulletin: Nss-util vulnerabilities affect IBM SmartCloud Entry( CVE-2016-1950 )
2020-07-19 00:49:12
oraclelinux
oraclelinux
nss security update
2016-03-09 00:00:00
nss-util security update
2016-03-09 00:00:00
nss, nss-util, and nspr security, bug fix, and enhancement update
2016-04-05 00:00:00
amazon
amazon
Critical: nss-util
2016-03-10 16:30:00
mageia
mageia
Updated nss packages fix CVE-2016-1950
2016-03-16 21:07:23
Updated firefox packages fix security vulnerabilities
2016-03-10 01:57:53
ubuntu
ubuntu
NSS vulnerability
2016-03-09 00:00:00
Thunderbird vulnerabilities
2016-04-27 00:00:00
Firefox regressions
2016-04-19 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-01-15 09:10:27
prion
prion
Heap overflow
2016-03-13 18:59:00
mozilla
mozilla
Buffer overflow during ASN.1 decoding in NSS — Mozilla
2016-03-08 00:00:00
ubuntucve
ubuntucve
CVE-2016-1950
2016-03-08 00:00:00
freebsd
freebsd
NSS -- multiple vulnerabilities
2016-03-08 00:00:00
googleprojectzero
googleprojectzero
CVE-2021-30737, @xerub's 2021 iOS ASN.1 Vulnerability
2022-04-07 00:00:00
symantec
symantec
SA119 : Multiple NSS Vulnerabilities
2016-03-22 08:00:00
osv
osv
nss - security update
2016-05-18 00:00:00
nss - security update
2016-10-05 00:00:00
iceweasel - security update
2016-03-09 00:00:00
debian
debian
[SECURITY] [DLA 480-1] nss security update
2016-05-18 18:34:37
[SECURITY] [DSA 3688-1] nss security update
2016-10-05 20:20:43
[SECURITY] [DSA 3520-1] icedove security update
2016-03-18 21:06:06
suse
suse
Security update for MozillaFirefox, mozilla-nss (important)
2016-06-11 22:07:57
Security update for MozillaFirefox, mozilla-nss, mozilla-nspr, java-1_8_0-openjdk (important)
2017-05-11 21:15:07
Security update for MozillaFirefox (important)
2016-03-18 18:12:42
apple
apple
About the security content of tvOS 9.2 - Apple Support
2017-01-23 03:54:34
About the security content of tvOS 9.2
2016-03-21 00:00:00
About the security content of watchOS 2.2
2016-03-21 00:00:00
kaspersky
kaspersky
KLA10765 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
2016-03-08 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2016-05-31 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2016
2016-10-18 00:00:00
Oracle Critical Patch Update Advisory - July 2017
2018-03-20 00:00:00
Oracle Critical Patch Update - October 2017
2017-10-17 00:00:00

0.01 Low

EPSS

Percentile

83.7%

JSON
Related for 9196B586E37F97C5C25F9D1D875117C2D9857DDCE95D8820B77DAD6F1C216C6A
redhat3cve1centos2nvd1debiancve1openvas45f52nessus46cvelist1ibm6oraclelinux4amazon1mageia2ubuntu5veracode1prion1mozilla1ubuntucve1freebsd1googleprojectzero1symantec1osv3debian4suse9apple8kaspersky1gentoo1oracle3