IBM Security Bulletin: A vulnerability associated with the default account lockout settings in IBM Security Access Manager for Web has been identified (CVE-2016-3025)

The default account lockout setting in IBM Security Access Manager for Web could allow a remote attacker to use brute force to discover account credentials.

CVE(s): CVE-2016-3025

Affected product(s) and affected version(s):

IBM Security Access Manager for Web 7.0 appliances

IBM Security Access Manager for Web 8.0, all firmware versions

IBM Security Access Manager 9.0, all firmware versions

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2cwoQC0
X-Force Database: http://ift.tt/2dm9JkD

from IBM Product Security Incident Response Team http://ift.tt/2cwpNKB