Vulnerability Details CVE-2016-3028
IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.4%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 9.0
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV89322
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV89326
- http://www-01.ibm.com/support/docview.wss?uid=swg21990317
- http://www.securityfocus.com/bid/93176
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV89322
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV89326
- http://www-01.ibm.com/support/docview.wss?uid=swg21990317
- http://www.securityfocus.com/bid/93176
Products affected by CVE-2016-3028
-
cpe:2.3:a:ibm:security_access_manager:9.0.0
-
cpe:2.3:a:ibm:security_access_manager:9.0.0.1
-
cpe:2.3:a:ibm:security_access_manager:9.0.1.0
-
cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0
-
cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0
-
cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.2
-
cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.4
-
cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.5
-
cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1
-
cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.2
-
cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.3
-
cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.4