Remote Code Execution Vulnerability in IBM Security Access Manager
CVE-2016-3028

9.1CRITICAL

Key Information:

Vendor

IBM
Status
Security Access Manager
Security Access Manager For Web
Vendor
CVE Published:
25 November 2016

What is CVE-2016-3028?

IBM Security Access Manager for Web versions prior to 7.0 IF2, 8.0 IF3, and 9.0 IF5 expose a significant security risk. This vulnerability enables remote authenticated users to leverage LMI admin privileges, potentially executing arbitrary commands on the server. Organizations using affected versions are encouraged to apply security patches and implement appropriate security measures to mitigate exploitation risks.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257
vendor-advisoryx_refsource_AIXAPAR
http://www-01.ibm.com/support/docview.wss?uid=swg21990317
x_refsource_CONFIRM
http://www.securityfocus.com/bid/93176
vdb-entryx_refsource_BID

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.