Remote Code Execution Vulnerability in IBM Security Access Manager
CVE-2016-3028
9.1CRITICAL
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 25 November 2016
Summary
IBM Security Access Manager for Web versions prior to 7.0 IF2, 8.0 IF3, and 9.0 IF5 expose a significant security risk. This vulnerability enables remote authenticated users to leverage LMI admin privileges, potentially executing arbitrary commands on the server. Organizations using affected versions are encouraged to apply security patches and implement appropriate security measures to mitigate exploitation risks.
References
CVSS V3.1
Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved