PT-2016-3656 · IBM · IBM Security Access Manager +1

Chris Shepherd +5 · Published 2016-01-02 · Updated 2016-12-07 · CVE-2015-5018

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

IBM Security Access Manager for Web versions 7.0.0 through 7.0.0 before FP19
IBM Security Access Manager for Web version 8.0 before 8.0.1.3 IF3
IBM Security Access Manager version 9.0 before 9.0.0.0 IF1

Description

The issue allows remote authenticated users to execute arbitrary OS commands by leveraging Local Management Interface (LMI) access.

Recommendations

For IBM Security Access Manager for Web versions 7.0.0 through 7.0.0 before FP19, apply FP19 to resolve the issue.
For IBM Security Access Manager for Web version 8.0 before 8.0.1.3 IF3, update to 8.0.1.3 IF3 or later.
For IBM Security Access Manager version 9.0 before 9.0.0.0 IF1, update to 9.0.0.0 IF1 or later.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2015-5018

Affected Products

IBM Security Access Manager
IBM Security Access Manager for Web