IBM5E5197BE6B49358606D754A8016269CE8011A949FB37872EC1D6BD43A4C1819DSecurity Bulletin: A command injection vulnerability has been identified in IBM Security Access Manager for Mobile appliances (CVE-2016-3028)
0.011 Low
EPSS
Percentile
84.4%
Summary
A vulnerability in IBM Security Access Manager for Mobile could allow a remote authenticated attacker with admin access to the LMI to execute arbitrary commands on the system.
Vulnerability Details
CVEID: CVE-2016-3028**
DESCRIPTION:** IBM Security Access Manager for Mobile could allow a remote authenticated attacker with admin access to the LMI to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base Score: 9.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114479 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
Affected Products and Versions
IBM Security Access Manager for Mobile 8.0, all firmware versions
IBM Security Access Manager 9.0, all firmware versions
Remediation/Fixes
The table below provides links to patches for all affected versions. Follow the installation instructions in the README file included with the patch.
| Product | VRMF | APAR | Remediation |
|---|---|---|---|
| IBM Security Access Manager for Mobile | 8.0.0.0 - | ||
| 8.0.1.4 | IV89290 | 1. For releases prior to 8.0.1.4, upgrade to 8.0.1.4: | |
| 8.0.1-ISS-ISAM-FP0004 | |||
| 2. Apply 8.0.1.4 Interim Fix 3: | |||
| 8.0.1.4-ISS-ISAM-IF0003 | |||
| IBM Security Access Manager | 9.0 - | ||
| 9.0.1.0 | IV89326 | 1. For 9.0 environments, upgrade to 9.0.1.0: | |
| IBM Security Access Manager V9.0.1 Multiplatform, Multilingual (CRW4EML) | |||
| 2. Apply 9.0.1.0 Interim Fix 5: | |||
| 9.0.1.0-ISS-ISAM-IF0005 |
Workarounds and Mitigations
None.
Related
0.011 Low
EPSS
Percentile
84.4%