Lucene search

[email protected]CVE-2015-5018

HistoryJan 02, 2016 - 5:59 a.m.

CVE-2015-5018

2016-01-0205:59:03

CWE-78

[email protected]

web.nvd.nist.gov

ibm

security access manager

web

os command execution

remote execution

vulnerability

cve-2015-5018

nvd

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.6%

JSON

IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS commands by leveraging Local Management Interface (LMI) access.

Affected configurations

NVD

Node

ibmsecurity_access_manager_9.0_firmwareMatch9.0.0

ibmsecurity_access_manager_for_web_7.0_firmwareMatch7.0.0.1

ibmsecurity_access_manager_for_web_7.0_firmwareMatch7.0.0.2

ibmsecurity_access_manager_for_web_7.0_firmwareMatch7.0.0.3

ibmsecurity_access_manager_for_web_7.0_firmwareMatch7.0.0.4

ibmsecurity_access_manager_for_web_7.0_firmwareMatch7.0.0.5

ibmsecurity_access_manager_for_web_7.0_firmwareMatch7.0.0.6

ibmsecurity_access_manager_for_web_7.0_firmwareMatch7.0.0.7

ibmsecurity_access_manager_for_web_7.0_firmwareMatch7.0.0.8

ibmsecurity_access_manager_for_web_7.0_firmwareMatch7.0.0.9

ibmsecurity_access_manager_for_web_7.0_firmwareMatch7.0.0.10

ibmsecurity_access_manager_for_web_7.0_firmwareMatch7.0.0.11

ibmsecurity_access_manager_for_web_7.0_firmwareMatch7.0.0.12

ibmsecurity_access_manager_for_web_7.0_firmwareMatch7.0.0.13

ibmsecurity_access_manager_for_web_7.0_firmwareMatch7.0.0.14

ibmsecurity_access_manager_for_web_7.0_firmwareMatch7.0.0.15

ibmsecurity_access_manager_for_web_7.0_firmwareMatch7.0.0.16

ibmsecurity_access_manager_for_web_8.0_firmwareMatch8.0.0.1

ibmsecurity_access_manager_for_web_8.0_firmwareMatch8.0.0.2

ibmsecurity_access_manager_for_web_8.0_firmwareMatch8.0.0.3

ibmsecurity_access_manager_for_web_8.0_firmwareMatch8.0.0.5

ibmsecurity_access_manager_for_web_8.0_firmwareMatch8.0.1

ibmsecurity_access_manager_for_web_8.0_firmwareMatch8.0.1.0

ibmsecurity_access_manager_for_web_8.0_firmwareMatch8.0.1.2

ibmsecurity_access_manager_for_web_8.0_firmwareMatch8.0.1.3

CPENameOperatorVersion
ibm:security_access_manager_9.0_firmwareibm security access manager 9.0 firmwareeq9.0.0
ibm:security_access_manager_for_web_7.0_firmwareibm security access manager for web 7.0 firmwareeq7.0.0.1
ibm:security_access_manager_for_web_7.0_firmwareibm security access manager for web 7.0 firmwareeq7.0.0.2
ibm:security_access_manager_for_web_7.0_firmwareibm security access manager for web 7.0 firmwareeq7.0.0.3
ibm:security_access_manager_for_web_7.0_firmwareibm security access manager for web 7.0 firmwareeq7.0.0.4
ibm:security_access_manager_for_web_7.0_firmwareibm security access manager for web 7.0 firmwareeq7.0.0.5
ibm:security_access_manager_for_web_7.0_firmwareibm security access manager for web 7.0 firmwareeq7.0.0.6
ibm:security_access_manager_for_web_7.0_firmwareibm security access manager for web 7.0 firmwareeq7.0.0.7
ibm:security_access_manager_for_web_7.0_firmwareibm security access manager for web 7.0 firmwareeq7.0.0.8
ibm:security_access_manager_for_web_7.0_firmwareibm security access manager for web 7.0 firmwareeq7.0.0.9

CPE	Name	Operator	Version
ibm:security_access_manager_9.0_firmware	ibm security access manager 9.0 firmware	eq	9.0.0
ibm:security_access_manager_for_web_7.0_firmware	ibm security access manager for web 7.0 firmware	eq	7.0.0.1
ibm:security_access_manager_for_web_7.0_firmware	ibm security access manager for web 7.0 firmware	eq	7.0.0.2
ibm:security_access_manager_for_web_7.0_firmware	ibm security access manager for web 7.0 firmware	eq	7.0.0.3
ibm:security_access_manager_for_web_7.0_firmware	ibm security access manager for web 7.0 firmware	eq	7.0.0.4
ibm:security_access_manager_for_web_7.0_firmware	ibm security access manager for web 7.0 firmware	eq	7.0.0.5
ibm:security_access_manager_for_web_7.0_firmware	ibm security access manager for web 7.0 firmware	eq	7.0.0.6
ibm:security_access_manager_for_web_7.0_firmware	ibm security access manager for web 7.0 firmware	eq	7.0.0.7
ibm:security_access_manager_for_web_7.0_firmware	ibm security access manager for web 7.0 firmware	eq	7.0.0.8
ibm:security_access_manager_for_web_7.0_firmware	ibm security access manager for web 7.0 firmware	eq	7.0.0.9

Rows per page:

1-10 of 251

References

www-01.ibm.com/support/docview.wss?uid=swg1IV78768

www-01.ibm.com/support/docview.wss?uid=swg1IV78780

www-01.ibm.com/support/docview.wss?uid=swg21970510

www.securitytracker.com/id/1034560

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.6%

JSON

Related for CVE-2015-5018

prion1 nvd1 cvelist1 ibm1