IBM Security Access Manager version 9 appliances are affected by a vulnerability in PostgreSQL.
CVEID: CVE-2016-0773
DESCRIPTION: PostgreSQL is vulnerable to a denial of service, caused by an error when parsing regular expressions. By using out-of-range Unicode characters, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110626> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
IBM Security Access Manager 9.0, all firmware versions
IBM has provided patches for all affected versions. Follow the installation instructions in the README files included with the patch.
Product | VRMF | APAR | Remediation |
---|---|---|---|
IBM Security Access Manager | 9.0 | IV87111 | 1. For versions prior to 9.0.1.0, upgrade to 9.0.1.0: IBM Security Access Manager V9.0.1 Multiplatform, Multilingual (CRW4EML)<br>2. Apply 9.0.1.0 Interim Fix 4: 9.0.1.0-ISS-ISAM-IF0004 |
None.
CPE:

Name | Operator | Version |
---|---|---|
ibm security access manager | eq | 9.0 |
ibm security access manager | eq | 9.0.0.1 |
ibm security access manager | eq | 9.0.1 |