← Back

CVE-2017-1407

nvd nist
Published: Sep 28, 2017Modified: May 13, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 127394.

Affected (7)

Ibm
3 products
Security Identity Governance And Intelligence
Security Identity Manager
Security Privileged Identity Manager
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Security Identity Governance And Intelligence
Version 5.2.0
Security Identity Governance And Intelligence
Version 5.2.1
Ibm
Security Identity Manager
Version 6.0.0.0
Security Identity Manager
Version 7.0.0.0
Ibm
Security Privileged Identity Manager
Version 2.0.0
Security Privileged Identity Manager
Version 2.0.1
Security Privileged Identity Manager
Version 2.0.2

Related CWEs

CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (6)

Source: psirt@us.ibm.com
PatchVendor Advisory
Source: psirt@us.ibm.com
Third Party AdvisoryVDB Entry
Source: psirt@us.ibm.com
VDB EntryVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
VDB EntryVendor Advisory

Timeline

No history available yet.