IBM Security Bulletin: A command injection vulnerability has been identified in IBM Security Access Manager for Mobile appliances (CVE-2016-3028)

A vulnerability in IBM Security Access Manager for Mobile could allow a remote authenticated attacker with admin access to the LMI to execute arbitrary commands on the system.

CVE(s): CVE-2016-3028

Affected product(s) and affected version(s):

IBM Security Access Manager for Mobile 8.0, all firmware versions

IBM Security Access Manager 9.0, all firmware versions

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2fduE4Z
X-Force Database: http://ift.tt/2dmagD6

from IBM Product Security Incident Response Team http://ift.tt/2fdqjP5