Remote Code Execution Vulnerability in IBM Security Access Manager
CVE-2016-3028

9.1CRITICAL

Key Information:

Vendor
IBM
Vendor
CVE Published:
25 November 2016

Summary

IBM Security Access Manager for Web versions prior to 7.0 IF2, 8.0 IF3, and 9.0 IF5 expose a significant security risk. This vulnerability enables remote authenticated users to leverage LMI admin privileges, potentially executing arbitrary commands on the server. Organizations using affected versions are encouraged to apply security patches and implement appropriate security measures to mitigate exploitation risks.

References

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.