Vulnerabilities > IBM > Security Access Manager FOR WEB 7 0 Firmware > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2017-02-07	CVE-2016-3020	Improper Access Control vulnerability in IBM products IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. local low complexity ibm CWE-284	5.5
2017-02-01	CVE-2016-3043	Information Exposure vulnerability in IBM products IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. network high complexity ibm CWE-200	5.9
2017-02-01	CVE-2016-3023	Information Exposure vulnerability in IBM products IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names. network low complexity ibm CWE-200	5.3
2017-02-01	CVE-2016-3022	Permission Issues vulnerability in IBM products IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions. network low complexity ibm CWE-275	6.5
2017-02-01	CVE-2016-3016	Insufficient Verification of Data Authenticity vulnerability in IBM products IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code. network high complexity ibm CWE-345	4.4

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.