IBMD8368AC6C7FDDB03FDBD57D16CECAFE19DEBB5A54FE378BC162D628E0F5E55FFSecurity Bulletin: A vulnerability associated with the default account lockout settings in IBM Security Access Manager for Mobile has been identified (CVE-2016-3025)
EPSS
Percentile
87.0%
Summary
The default account lockout setting in IBM Security Access Manager for Mobile could allow a remote attacker to use brute force to discover account credentials.
Vulnerability Details
CVEID: CVE-2016-3025**
DESCRIPTION:** IBM Security Access Manager for Mobile uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114473 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
IBM Security Access Manager for Mobile 8.0, all firmware versions
IBM Security Access Manager 9.0, all firmware versions
Remediation/Fixes
The table below provides links to patches for all affected versions. Follow the installation instructions in the README file included with the patch.
| Product | VRMF | APAR | Remediation |
|---|---|---|---|
| IBM Security Access Manager for Mobile | 8.0.0.0 - | ||
| 8.0.1.4 | IV89258 | 1. For releases prior to 8.0.1.4, upgrade to 8.0.1.4: | |
| 8.0.1-ISS-ISAM-FP0004 | |||
| 2. Apply 8.0.1.4 Interim Fix 3: | |||
| 8.0.1.4-ISS-ISAM-IF0003 | |||
| IBM Security Access Manager | 9.0 - | ||
| 9.0.1.0 | IV89240 | 1. For 9.0 environments, upgrade to 9.0.1.0: | |
| IBM Security Access Manager V9.0.1 Multiplatform, Multilingual (CRW4EML) | |||
| 2. Apply 9.0.1.0 Interim Fix 5: | |||
| 9.0.1.0-ISS-ISAM-IF0005 |
Workarounds and Mitigations
None.
Related
EPSS
Percentile
87.0%