CRITICAL🇵🇱 Wersja polska

CVE-2016-3028

CVSS 9.1v3.0pub. 2016-11-25upd. 2026-05-06

IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  • IBM Security Access Manager

    APP
    Ibm
    9.0.09.0.0.19.0.1.0
  • IBM Security Access Manager For Web

    APP
    Ibm
    7.0.08.0.08.0.0.28.0.0.48.0.0.58.0.18.0.1.28.0.1.38.0.1.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2020-4499CRITICAL9.8ten sam produkt

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oau...

CVE-2018-1722CRITICAL10.0ten sam produkt

IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Acce...

CVE-2023-30998HIGH7.8ten sam produkt

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access du...

CVE-2023-30997HIGH7.8ten sam produkt

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access du...

CVE-2023-38370HIGH7.5ten sam produkt

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user...