What is the severity of CVE-2016-3028?

CVE-2016-3028 is rated as a high-severity vulnerability due to its potential for remote command execution by authenticated users.

How do I fix CVE-2016-3028?

To fix CVE-2016-3028, upgrade to IBM Security Access Manager version 9.0.1.0 IF5, 8.0.1.4 IF3, or 7.0 IF2.

Who is affected by CVE-2016-3028?

CVE-2016-3028 affects users of IBM Security Access Manager for Web versions 7.0, 8.0, and 9.0 before the specified fixes.

What types of attacks can CVE-2016-3028 enable?

CVE-2016-3028 can enable attackers to execute arbitrary commands, potentially compromising the application and sensitive data.

Is authentication required to exploit CVE-2016-3028?

Yes, CVE-2016-3028 requires that the attacker be an authenticated user to exploit the vulnerability.

Vulnerability/
CVE-2016-3028

critical

9.1

CWE

25/11/2016

5/8/2024

CVE-2016-3028: OS Command Injection

First published: Fri Nov 25 2016(Updated: )

IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Security Access Manager	=9.0.0
IBM Security Access Manager	=9.0.0.1
IBM Security Access Manager	=9.0.1.0
IBM Security Access Manager for Web Firmware	=7.0.0
IBM Security Access Manager for Web Firmware	=8.0.0
IBM Security Access Manager for Web Firmware	=8.0.0.2
IBM Security Access Manager for Web Firmware	=8.0.0.4
IBM Security Access Manager for Web Firmware	=8.0.0.5
IBM Security Access Manager for Web Firmware	=8.0.1
IBM Security Access Manager for Web Firmware	=8.0.1.2
IBM Security Access Manager for Web Firmware	=8.0.1.3
IBM Security Access Manager for Web Firmware	=8.0.1.4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-3028?
CVE-2016-3028 is rated as a high-severity vulnerability due to its potential for remote command execution by authenticated users.
How do I fix CVE-2016-3028?
To fix CVE-2016-3028, upgrade to IBM Security Access Manager version 9.0.1.0 IF5, 8.0.1.4 IF3, or 7.0 IF2.
Who is affected by CVE-2016-3028?
CVE-2016-3028 affects users of IBM Security Access Manager for Web versions 7.0, 8.0, and 9.0 before the specified fixes.
What types of attacks can CVE-2016-3028 enable?
CVE-2016-3028 can enable attackers to execute arbitrary commands, potentially compromising the application and sensitive data.
Is authentication required to exploit CVE-2016-3028?
Yes, CVE-2016-3028 requires that the attacker be an authenticated user to exploit the vulnerability.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/references
agent/weakness
agent/author
agent/first-publish-date
agent/event
agent/description
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm security access manager
version/ibm security access manager/9.0.0
version/ibm security access manager/9.0.0.1
version/ibm security access manager/9.0.1.0
canonical/ibm security access manager for web firmware
version/ibm security access manager for web firmware/7.0.0
version/ibm security access manager for web firmware/8.0.0
version/ibm security access manager for web firmware/8.0.0.2
version/ibm security access manager for web firmware/8.0.0.4
version/ibm security access manager for web firmware/8.0.0.5
version/ibm security access manager for web firmware/8.0.1
version/ibm security access manager for web firmware/8.0.1.2
version/ibm security access manager for web firmware/8.0.1.3
version/ibm security access manager for web firmware/8.0.1.4

Frequently Asked Questions

What is the severity of CVE-2016-3028?
CVE-2016-3028 is rated as a high-severity vulnerability due to its potential for remote command execution by authenticated users.
How do I fix CVE-2016-3028?
To fix CVE-2016-3028, upgrade to IBM Security Access Manager version 9.0.1.0 IF5, 8.0.1.4 IF3, or 7.0 IF2.
Who is affected by CVE-2016-3028?
CVE-2016-3028 affects users of IBM Security Access Manager for Web versions 7.0, 8.0, and 9.0 before the specified fixes.
What types of attacks can CVE-2016-3028 enable?
CVE-2016-3028 can enable attackers to execute arbitrary commands, potentially compromising the application and sensitive data.
Is authentication required to exploit CVE-2016-3028?
Yes, CVE-2016-3028 requires that the attacker be an authenticated user to exploit the vulnerability.

CVE-2016-3028: OS Command Injection

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-3028?

How do I fix CVE-2016-3028?

Who is affected by CVE-2016-3028?

What types of attacks can CVE-2016-3028 enable?

Is authentication required to exploit CVE-2016-3028?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2016-3028?

How do I fix CVE-2016-3028?

Who is affected by CVE-2016-3028?

What types of attacks can CVE-2016-3028 enable?

Is authentication required to exploit CVE-2016-3028?