PT-2014-6141 · Ibm · Ibm Security Access Manager For Mobile+1

Published

2014-10-03

Updated

2017-08-29

CVE-2014-4823

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions IBM Security Access Manager for Web versions 7.x before 7.0.0-ISS-WGA-IF0009 IBM Security Access Manager for Web versions 8.x before 8.0.0-ISS-WGA-FP0005 IBM Security Access Manager for Mobile versions 8.x before 8.0.0-ISS-ISAM-FP0005

Description The administration console in the affected software allows remote attackers to inject system commands via unspecified vectors.

Recommendations For IBM Security Access Manager for Web versions 7.x before 7.0.0-ISS-WGA-IF0009, update to 7.0.0-ISS-WGA-IF0009 or later. For IBM Security Access Manager for Web versions 8.x before 8.0.0-ISS-WGA-FP0005, update to 8.0.0-ISS-WGA-FP0005 or later. For IBM Security Access Manager for Mobile versions 8.x before 8.0.0-ISS-ISAM-FP0005, update to 8.0.0-ISS-ISAM-FP0005 or later.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2014-4823

Affected Products

Ibm Security Access Manager For Mobile

Ibm Security Access Manager For Web

PT-2014-6141 · Ibm · Ibm Security Access Manager For Mobile+1

CVE-2014-4823

Weakness Enumeration

Related Identifiers

Affected Products

References · 7