Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-3028

IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.

Published

2016-11-25T03:59:07.627

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 9.1 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	security_access_manager	9.0.0	Yes
Application	ibm	security_access_manager	9.0.0.1	Yes
Application	ibm	security_access_manager	9.0.1.0	Yes
Application	ibm	security_access_manager_for_web	7.0.0	Yes
Application	ibm	security_access_manager_for_web	8.0.0	Yes
Application	ibm	security_access_manager_for_web	8.0.0.2	Yes
Application	ibm	security_access_manager_for_web	8.0.0.4	Yes
Application	ibm	security_access_manager_for_web	8.0.0.5	Yes
Application	ibm	security_access_manager_for_web	8.0.1	Yes
Application	ibm	security_access_manager_for_web	8.0.1.2	Yes
Application	ibm	security_access_manager_for_web	8.0.1.3	Yes
Application	ibm	security_access_manager_for_web	8.0.1.4	Yes

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257 Broken Link ([email protected])
http://www-01.ibm.com/support/docview.wss?uid=swg1IV89322 Broken Link ([email protected])
http://www-01.ibm.com/support/docview.wss?uid=swg1IV89326 Broken Link ([email protected])
http://www-01.ibm.com/support/docview.wss?uid=swg21990317 Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/93176 ([email protected])
http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www-01.ibm.com/support/docview.wss?uid=swg1IV89322 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www-01.ibm.com/support/docview.wss?uid=swg1IV89326 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www-01.ibm.com/support/docview.wss?uid=swg21990317 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/93176 (af854a3a-2127-422b-91ae-364da2661108)