Vulnerabilities > IBM > Security Access Manager FOR Mobile
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-01 | CVE-2016-3046 | SQL Injection vulnerability in IBM products IBM Security Access Manager for Web is vulnerable to SQL injection. | 2.7 |
| 2017-02-01 | CVE-2016-3045 | Information Exposure vulnerability in IBM products IBM Security Access Manager for Web stores sensitive information in URL parameters. | 3.7 |
| 2017-02-01 | CVE-2016-3043 | Information Exposure vulnerability in IBM products IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2017-02-01 | CVE-2016-3018 | Cross-site Scripting vulnerability in IBM products IBM Security Access Manager for Web is vulnerable to cross-site scripting. | 6.1 |
| 2016-11-25 | CVE-2016-3025 | 7PK - Security Features vulnerability in IBM products IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. | 8.1 |