IBM Security Access Manager appliances use password stash files, which may be encrypted using a weak encryption algorithm.
CVEID: CVE-2016-3019
DESCRIPTION: IBM Security Access Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114462 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
IBM Security Access Manager 9.0, all firmware versions
Product | VRMF | APAR | Remediation
---|---|---|---
IBM Security Access Manager | 9.0 - 9.0.2.0, 9.0.3.0 | IV92169 | 1. For releases prior to ISAM 9.0.3.0, upgrade to 9.0.3.0: IBM Security Access Manager V9.0.3 Multiplatform, Multilingual (CRW4EML) 2. Apply 9.0.3.0 IF0001: 9.0.3.0-ISS-ISAM-IF0001
None.