Description

IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.

Remediation

References

CVE-2016-3028

Related Vulnerabilities

WordPress Plugin Shariff for WordPress Cross-Site Scripting (1.0.7)

WordPress Plugin iubenda-All-in-one Compliance for GDPR/CCPA Cookie Consent + more Privilege Escalation (3.3.2)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Unspecified Vulnerability (2.0.40)

Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-7911)

WordPress Plugin vSlider Multi Image Slider for WordPress Arbitrary File Upload (4.1.2)

Severity

Critical

Classification

CVE-2016-3028 CWE-138 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities