RCE in Ibm Security_access_manager_for_mobile_8.0_firmware

CVE-2014-4823

The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inje…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.065 (91.3th percentile) — read the EPSS interpretation.

Affected products

Ibm Security_access_manager_for_mobile_8.0_firmware — versions 8.0.0.0, 8.0.0.1, 8.0.0.3
Ibm Security_access_manager_for_mobile_appliance — versions 8.0
Ibm Security_access_manager_for_web_7.0_firmware — versions 7.0.0.0, 7.0.0.1, 7.0.0.2
Ibm Security_access_manager_for_web_8.0_firmware — versions 8.0.0.2, 8.0.0.3, 8.0.0.4
Ibm Security_access_manager_for_web_appliance — versions 7.0, 8.0
N/a — versions n/a

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

psirt@us.ibm.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
ibm-sam-cve20144823-command-injection(95573) (vdb-entry, x_refsource_XF)
IV64919 (vendor-advisory, x_refsource_AIXAPAR)
61294 (x_refsource_SECUNIA, third-party-advisory)
61278 (x_refsource_SECUNIA, third-party-advisory)
IV64910 (vendor-advisory, x_refsource_AIXAPAR)