CVE-2014-4823
critical
CVSS v3
—
CVSS v2
10.0
VIR risk
10.0
Description
The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21684466
References
- http://secunia.com/advisories/61278
- http://secunia.com/advisories/61294
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV64910
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV64919
- http://www-01.ibm.com/support/docview.wss?uid=swg21684466
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95573
- http://secunia.com/advisories/61278
- http://secunia.com/advisories/61294
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV64910
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV64919
- http://www-01.ibm.com/support/docview.wss?uid=swg21684466
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95573
CWEs
CWE-78
Verify integrity in audit chain (admin only). AS-IS.