Lucene search
HistoryDec 18, 2014 - 4:59 p.m.
CVE-2014-6077
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
6.5
Confidence
High
EPSS
0.001
Percentile
44.9%
Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Affected configurations
Node
ibmsecurity_access_manager_for_webMatch7.0
ORibmsecurity_access_manager_for_webMatch8.0
Node
ibmsecurity_access_manager_for_mobileMatch8.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | security_access_manager_for_web | 7.0 | cpe:2.3:a:ibm:security_access_manager_for_web:7.0:*:*:*:*:*:*:* |
| ibm | security_access_manager_for_web | 8.0 | cpe:2.3:a:ibm:security_access_manager_for_web:8.0:*:*:*:*:*:*:* |
| ibm | security_access_manager_for_mobile | 8.0 | cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2014-6077
2014-12-18 16:00:00
cve
cve
CVE-2014-6077
2014-12-18 16:59:01
prion
prion
Cross site request forgery (csrf)
2014-12-18 16:59:00
ibm
ibm
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
6.5
Confidence
High
EPSS
0.001
Percentile
44.9%
Related for NVD:CVE-2014-6077