Vulnerabilities > IBM > Security Access Manager FOR Mobile 8 0 Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-02-01 CVE-2016-3027 XXE vulnerability in IBM products
IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data.
network
low complexity
ibm CWE-611
6.5
2017-02-01 CVE-2016-3024 Information Exposure vulnerability in IBM products
IBM Security Access Manager for Web allows web pages to be stored locally which can be read by another user on the system.
local
low complexity
ibm CWE-200
4.0
2017-02-01 CVE-2016-3023 Information Exposure vulnerability in IBM products
IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names.
network
low complexity
ibm CWE-200
5.3
2017-02-01 CVE-2016-3022 Permission Issues vulnerability in IBM products
IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions.
network
low complexity
ibm CWE-275
6.5
2017-02-01 CVE-2016-3016 Insufficient Verification of Data Authenticity vulnerability in IBM products
IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code.
network
high complexity
ibm CWE-345
4.4