Lucene search
IbmCVE-2014-6086HistoryDec 18, 2014 - 4:59 p.m.
CVE-2014-6086
2014-12-1816:59:07
CWE-200
ibm
web.nvd.nist.gov
36
ibm
security
access manager
mobile
web
https
network sniffing
cve-2014-6086
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.2
Confidence
Low
EPSS
0.003
Percentile
70.2%
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not ensure that HTTPS is used, which allows remote attackers to obtain sensitive information by sniffing the network during an HTTP session.
Affected configurations
Node
ibmsecurity_access_manager_for_mobileMatch8.0
Node
ibmsecurity_access_manager_for_webMatch7.0
ORibmsecurity_access_manager_for_webMatch8.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | security_access_manager_for_mobile | 8.0 | cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0:*:*:*:*:*:*:* |
| ibm | security_access_manager_for_web | 7.0 | cpe:2.3:a:ibm:security_access_manager_for_web:7.0:*:*:*:*:*:*:* |
| ibm | security_access_manager_for_web | 8.0 | cpe:2.3:a:ibm:security_access_manager_for_web:8.0:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2014-6086
2014-12-18 16:00:00
nvd
nvd
CVE-2014-6086
2014-12-18 16:59:07
prion
prion
Session fixation
2014-12-18 16:59:00
ibm
ibm
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.2
Confidence
Low
EPSS
0.003
Percentile
70.2%
Related for CVE-2014-6086