Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
IBM WebSEAL Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability - CVE-2016-3028 - Vulnerability Database
IBM WebSEAL

IBM WebSEAL Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability - CVE-2016-3028

Critical
Reference: CVE-2016-3028
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2016-3028
Title: IBM WebSEAL Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability
Overview:

IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.