Description

IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.

Remediation

References

CVE-2016-3028

Related Vulnerabilities

MySQL CVE-2015-2643 Vulnerability (CVE-2015-2643)

Jboss EAP Permission Issues Vulnerability (CVE-2016-7066)

WordPress Plugin Simple Social Media Share Buttons-Social Sharing for Everyone Cross-Site Scripting (3.2.2)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-35622)

WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.24)

Severity

Critical

Classification

CVE-2016-3028 CWE-138 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities