CVE-2015-5018

HIGH

IBM Security Access Manager 7.0.0-7.0.0 FP19, 8.0-8.0.1.3 IF3, 9.0-9.0.0.0 IF1 - OS Command Injection

Title source: llm

Description

IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS commands by leveraging Local Management Interface (LMI) access.

References (4)

Core References
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21970510
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034560
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768

Scores

CVSS v3 8.0
EPSS 0.0274
EPSS Percentile 84.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (25)
ibm/security_access_manager_9.0_firmware 9.0.0
ibm/security_access_manager_for_web_7.0_firmware 7.0.0.1
ibm/security_access_manager_for_web_7.0_firmware 7.0.0.2
ibm/security_access_manager_for_web_7.0_firmware 7.0.0.3
ibm/security_access_manager_for_web_7.0_firmware 7.0.0.4
ibm/security_access_manager_for_web_7.0_firmware 7.0.0.5
ibm/security_access_manager_for_web_7.0_firmware 7.0.0.6
ibm/security_access_manager_for_web_7.0_firmware 7.0.0.7
ibm/security_access_manager_for_web_7.0_firmware 7.0.0.8
ibm/security_access_manager_for_web_7.0_firmware 7.0.0.9
... and 15 more
Published Jan 02, 2016
Tracked Since Feb 18, 2026