CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:C/I:P/A:C
AI Score
Confidence
Low
EPSS
Percentile
82.3%
The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | security_access_manager_for_web_8.0_firmware | 8.0.0.2 | cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:* |
ibm | security_access_manager_for_web_8.0_firmware | 8.0.0.3 | cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:* |
ibm | security_access_manager_for_web_appliance | 8.0 | cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:* |
ibm | security_access_manager_for_mobile_software | 8.0 | cpe:2.3:a:ibm:security_access_manager_for_mobile_software:8.0:*:*:*:*:*:*:* |
ibm | security_access_manager_for_web_software | 7.0 | cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0:*:*:*:*:*:*:* |
ibm | security_access_manager_for_web_software | 8.0 | cpe:2.3:a:ibm:security_access_manager_for_web_software:8.0:*:*:*:*:*:*:* |
ibm | security_access_manager_for_mobile_appliance | 8.0 | cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:8.0:*:*:*:*:*:*:* |
ibm | security_access_manager_for_web_appliance | 7.0 | cpe:2.3:h:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:* |