CVE-2016-3028

9.1CRITICAL

Key Information:

Vendor: IBM
Status: Security Access Manager; Security Access Manager For Web
Vendor: CVE Published:; 25 November 2016

Summary

IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg21990317

x_refsource_CONFIRM

http://www.securityfocus.com/bid/93176

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Nov 25, 2016
Vulnerability Reserved
Mar 9, 2016