Vulnerability CVE-2014-3053
Published: 2014-06-21

Description:
The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials.

CVSS2 => (AV:A/AC:L/Au:N/C:C/I:P/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
8/10
9.5/10
6.5/10
Exploit range
Attack complexity
Authentication
Adjacent network
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Partial
Complete
Affected software
IBM -> Security access manager for mobile software 
IBM -> Security access manager for web software 
IBM -> Security access manager for mobile appliance 
IBM -> Security access manager for web appliance 
IBM -> Security access manager for web 8.0 firmware 

 References:
http://secunia.com/advisories/59381
http://www-01.ibm.com/support/docview.wss?uid=swg1IV61557
http://www-01.ibm.com/support/docview.wss?uid=swg21676389
http://www-01.ibm.com/support/docview.wss?uid=swg21676700
http://www.securityfocus.com/bid/68132
http://xforce.iss.net/xforce/xfdb/93501
Copyright 2024, cxsecurity.com

 

Back to Top