VYPR
Low severity 3.7 · NVD Advisory · Published Feb 1, 2017 · Updated May 13, 2026

CVE-2016-3045

Description

IBM Security Access Manager appliances store sensitive data in URL parameters, exposing it to unauthorized parties via logs, referer headers, or browser history.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

IBM Security Access Manager for Web and related appliances store sensitive information in URL parameters. Affected versions include IBM Security Access Manager for Web 7.0 and 8.0, IBM Security Access Manager for Mobile 8.0, and IBM Security Access Manager 9.0 appliances, all firmware versions. [1]

Exploitation

An attacker requires access to server logs, referer headers, or browser history where these URLs are recorded. No authentication is needed; network access to logs or the ability to capture referer headers (e.g., via cross-site requests) could expose the sensitive data. [1]

Impact

Successful exploitation leads to information disclosure of sensitive data contained in URL parameters. The CVSS vector indicates low confidentiality impact, with no integrity or availability impact. [1]

Mitigation

IBM has not provided a workaround or mitigation in the available bulletin; the section states "None." [1] Users should monitor for future updates or consider additional security controls to protect URL parameters.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

18
  • cpe:2.3:a:ibm:security_access_manager:9.0.0:*:*:*:*:*:*:* (+ 10 more)
    • cpe:2.3:a:ibm:security_access_manager:9.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager:9.0.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager:9.0.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.4:*:*:*:*:*:*:*
    • (no CPE)
  • cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.0:*:*:*:*:*:*:* (+ 5 more)
    • cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.4:*:*:*:*:*:*:*
  • IBM Corporation/Access Managerv5
    Range: 9.0

Patches

0

No patches discovered yet.

References

2
