CVE-2015-5018 - Vulnerability Details

Vendors	Products
Ibm	Security Access Manager 9.0 Firmware Security Access Manager For Web 7.0 Firmware Security Access Manager For Web 8.0 Firmware

Link	Providers
http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768
http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780
http://www-01.ibm.com/support/docview.wss?uid=swg21970510
http://www.securitytracker.com/id/1034560

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-12-14T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS commands by leveraging Local Management Interface (LMI) access."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-05T14:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "IV78768", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970510"}, {"name": "IV78780", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780"}, {"name": "1034560", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1034560"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-5018", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS commands by leveraging Local Management Interface (LMI) access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "IV78768", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21970510", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970510"}, {"name": "IV78780", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780"}, {"name": "1034560", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034560"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:32:32.301Z"}, "title": "CVE Program Container", "references": [{"name": "IV78768", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970510"}, {"name": "IV78780", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780"}, {"name": "1034560", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1034560"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-5018", "datePublished": "2016-01-02T02:00:00", "dateReserved": "2015-06-24T00:00:00", "dateUpdated": "2024-08-06T06:32:32.301Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2015-12-14T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS commands by leveraging Local Management Interface (LMI) access. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2016-12-05T14:57:01 (string)

orgId : 9a959283-ebb5-44b6-b705-dcc2bbced522 (string)

shortName : ibm (string)

}

references : [ »

0 : { »

name : IV78768 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_AIXAPAR (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21970510 (string)

}

2 : { »

name : IV78780 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_AIXAPAR (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780 (string)

}

3 : { »

name : 1034560 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1034560 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@us.ibm.com (string)

ID : CVE-2015-5018 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS commands by leveraging Local Management Interface (LMI) access. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : IV78768 (string)

refsource : AIXAPAR (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768 (string)

}

1 : { »

name : http://www-01.ibm.com/support/docview.wss?uid=swg21970510 (string)

refsource : CONFIRM (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg21970510 (string)

}

2 : { »

name : IV78780 (string)

refsource : AIXAPAR (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780 (string)

}

3 : { »

name : 1034560 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1034560 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T06:32:32.301Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : IV78768 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_AIXAPAR (string)

2 : x_transferred (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21970510 (string)

}

2 : { »

name : IV78780 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_AIXAPAR (string)

2 : x_transferred (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780 (string)

}

3 : { »

name : 1034560 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1034560 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 9a959283-ebb5-44b6-b705-dcc2bbced522 (string)

assignerShortName : ibm (string)

cveId : CVE-2015-5018 (string)

datePublished : 2016-01-02T02:00:00 (string)

dateReserved : 2015-06-24T00:00:00 (string)

dateUpdated : 2024-08-06T06:32:32.301Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6B5B6BD9-C0DF-4359-A6C1-F66E24912800", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "22433CE0-9772-48CE-8069-612FF3732C21", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2569AA28-5C61-4BBD-A501-E1ACFA36837B", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "79AFD6BE-4ED1-4A9C-AF30-F083A7A4F418", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3AB188A2-D7CE-4141-A55A-C074C84E366E", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DE776097-1DA4-4F27-8E96-61E3D9FFE8D0", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "FE4E5283-0FEE-4F37-9C41-FA695063FF79", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "39D9B9CF-5F3D-4CA3-87A0-AAE1BA5F09C1", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "73EB6121-62CD-49FC-A1D2-5467B007253C", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "A91ADDFE-9362-4D7E-B623-D662D81382E8", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "C8E0F31E-EB32-4442-91BE-95A9625F308F", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "701D729E-A817-4525-ADD9-EC810326B9E2", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "E5883F2E-83F4-4630-813B-21E533BA2CB7", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "A1FB9953-91A1-47BB-B6BF-088FA75BEBCA", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "CD7B0192-465A-48EF-8B51-FC6BC6EC464A", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "3E40F5AD-E090-4D0B-A580-D794F60215DB", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "EC5BD4D1-DD9B-4845-AF17-9B813C748D1A", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4B0D27CF-70BF-4C72-A963-310272D8EBF7", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "97E19969-DD73-42F2-9E91-504E1663B268", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F9CC2E05-5179-4241-A710-E582510EEB0D", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "BD1366C8-9C78-4B40-8E40-19C4DFEC2B1D", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D331E67E-25D3-4C34-8118-49E2A8B29D96", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "73E4F0CD-26DF-4975-8F40-ECB8E03A08C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "FFE6F2A0-BD38-4853-A8FB-299A341FA0B6", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D0122CE6-44D9-4A5F-8DD4-B1F7F229FDFB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS commands by leveraging Local Management Interface (LMI) access."}, {"lang": "es", "value": "IBM Security Access Manager for Web 7.0.0 en versiones anteriores a FP19 y 8.0 en versiones anteriores a 8.0.1.3 IF3 y Security Access Manager 9.0 en versiones anteriores a 9.0.0.0 IF1, permite a usuarios remotos autenticados ejecutar comandos del SO arbitrarios aprovechando el acceso Local Management Interface (LMI)."}], "id": "CVE-2015-5018", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.3, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-01-02T05:59:03.800", "references": [{"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768"}, {"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970510"}, {"source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id/1034560"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970510"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034560"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 6B5B6BD9-C0DF-4359-A6C1-F66E24912800 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 22433CE0-9772-48CE-8069-612FF3732C21 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 2569AA28-5C61-4BBD-A501-E1ACFA36837B (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 79AFD6BE-4ED1-4A9C-AF30-F083A7A4F418 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 3AB188A2-D7CE-4141-A55A-C074C84E366E (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.5:*:*:*:*:*:*:* (string)

matchCriteriaId : DE776097-1DA4-4F27-8E96-61E3D9FFE8D0 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.6:*:*:*:*:*:*:* (string)

matchCriteriaId : FE4E5283-0FEE-4F37-9C41-FA695063FF79 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.7:*:*:*:*:*:*:* (string)

matchCriteriaId : 39D9B9CF-5F3D-4CA3-87A0-AAE1BA5F09C1 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.8:*:*:*:*:*:*:* (string)

matchCriteriaId : 73EB6121-62CD-49FC-A1D2-5467B007253C (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.9:*:*:*:*:*:*:* (string)

matchCriteriaId : A91ADDFE-9362-4D7E-B623-D662D81382E8 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.10:*:*:*:*:*:*:* (string)

matchCriteriaId : C8E0F31E-EB32-4442-91BE-95A9625F308F (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.11:*:*:*:*:*:*:* (string)

matchCriteriaId : 701D729E-A817-4525-ADD9-EC810326B9E2 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.12:*:*:*:*:*:*:* (string)

matchCriteriaId : E5883F2E-83F4-4630-813B-21E533BA2CB7 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.13:*:*:*:*:*:*:* (string)

matchCriteriaId : A1FB9953-91A1-47BB-B6BF-088FA75BEBCA (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.14:*:*:*:*:*:*:* (string)

matchCriteriaId : CD7B0192-465A-48EF-8B51-FC6BC6EC464A (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.15:*:*:*:*:*:*:* (string)

matchCriteriaId : 3E40F5AD-E090-4D0B-A580-D794F60215DB (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.16:*:*:*:*:*:*:* (string)

matchCriteriaId : EC5BD4D1-DD9B-4845-AF17-9B813C748D1A (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 4B0D27CF-70BF-4C72-A963-310272D8EBF7 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 97E19969-DD73-42F2-9E91-504E1663B268 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:* (string)

matchCriteriaId : F9CC2E05-5179-4241-A710-E582510EEB0D (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.5:*:*:*:*:*:*:* (string)

matchCriteriaId : BD1366C8-9C78-4B40-8E40-19C4DFEC2B1D (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : D331E67E-25D3-4C34-8118-49E2A8B29D96 (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 73E4F0CD-26DF-4975-8F40-ECB8E03A08C2 (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.2:*:*:*:*:*:*:* (string)

matchCriteriaId : FFE6F2A0-BD38-4853-A8FB-299A341FA0B6 (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.3:*:*:*:*:*:*:* (string)

matchCriteriaId : D0122CE6-44D9-4A5F-8DD4-B1F7F229FDFB (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS commands by leveraging Local Management Interface (LMI) access. (string)

}

1 : { »

lang : es (string)

value : IBM Security Access Manager for Web 7.0.0 en versiones anteriores a FP19 y 8.0 en versiones anteriores a 8.0.1.3 IF3 y Security Access Manager 9.0 en versiones anteriores a 9.0.0.0 IF1, permite a usuarios remotos autenticados ejecutar comandos del SO arbitrarios aprovechando el acceso Local Management Interface (LMI). (string)

}

]

id : CVE-2015-5018 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : COMPLETE (string)

baseScore : 8.5 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:M/Au:S/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 6.8 (number)

impactScore : 10 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : HIGH (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : CHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 1.3 (number)

impactScore : 6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2016-01-02T05:59:03.800 (string)

references : [ »

0 : { »

source : psirt@us.ibm.com (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768 (string)

}

1 : { »

source : psirt@us.ibm.com (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780 (string)

}

2 : { »

source : psirt@us.ibm.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21970510 (string)

}

3 : { »

source : psirt@us.ibm.com (string)

url : http://www.securitytracker.com/id/1034560 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IV78768 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg1IV78780 (string)

}

6 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21970510 (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securitytracker.com/id/1034560 (string)

}

]

sourceIdentifier : psirt@us.ibm.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-78 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object