CVE-2016-3028 — CRITICAL (9.1)

Vulnerability Description

IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.

CVSS Score

9.1

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ibm	Security Access Manager	9.0.0
Ibm	Security Access Manager For Web	7.0.0

Related Weaknesses (CWE)

CWE-78

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg1IV89322Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg1IV89326Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21990317Vendor Advisory
http://www.securityfocus.com/bid/93176
http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg1IV89322Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg1IV89326Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21990317Vendor Advisory
http://www.securityfocus.com/bid/93176

FAQ

What is CVE-2016-3028?

CVE-2016-3028 is a vulnerability with a CVSS score of 9.1 (CRITICAL). IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by lever...

How severe is CVE-2016-3028?

CVE-2016-3028 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2016-3028?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Security Access Manager, Ibm Security Access Manager For Web.