CVE-2015-5018
HIGH
IBM Security Access Manager 7.0.0-7.0.0 FP19, 8.0-8.0.1.3 IF3, 9.0-9.0.0.0 IF1 - OS Command Injection
Title source: llmDescription
IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS commands by leveraging Local Management Interface (LMI) access.
References (4)
Core References
Vendor Advisory (x_refsource_confirm): http://www-01.ibm.com/support/docview.wss?uid=swg21970510
Various Sources (vendor-advisory, x_refsource_aixapar): http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://www.securitytracker.com/id/1034560
Various Sources (vendor-advisory, x_refsource_aixapar): http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768
Scores
CVSS v3: 8.0
EPSS: 0.0274
EPSS Percentile: 84.4%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Details
CWE: CWE-78
Status: published
Products (25)
ibm/security_access_manager_9.0_firmware 9.0.0
ibm/security_access_manager_for_web_7.0_firmware 7.0.0.1
ibm/security_access_manager_for_web_7.0_firmware 7.0.0.2
ibm/security_access_manager_for_web_7.0_firmware 7.0.0.3
ibm/security_access_manager_for_web_7.0_firmware 7.0.0.4
ibm/security_access_manager_for_web_7.0_firmware 7.0.0.5
ibm/security_access_manager_for_web_7.0_firmware 7.0.0.6
ibm/security_access_manager_for_web_7.0_firmware 7.0.0.7
ibm/security_access_manager_for_web_7.0_firmware 7.0.0.8
ibm/security_access_manager_for_web_7.0_firmware 7.0.0.9
... and 15 more
Published: Jan 02, 2016
Tracked Since: Feb 18, 2026