Remote Command Injection in IBM Security Access Manager for Web and Mobile
CVE-2014-4823

Currently unrated

Key Information:

Vendor: IBM
Status: Security Access Manager For Web 7.0 Firmware; Security Access Manager For Web Appliance
Vendor: CVE Published:; 3 October 2014

Summary

The administration console in IBM Security Access Manager for Web and Mobile versions prior to specified updates contains a vulnerability that allows remote attackers to inject system commands through unspecified means. This flaw could potentially enable unauthorized access or control over affected systems, posing significant risks to the integrity and confidentiality of data handled by the applications.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21684466

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/95573

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg1IV64919

vendor-advisoryx_refsource_AIXAPAR

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 3, 2014
Vulnerability Reserved
Jul 9, 2014