Lucene search

[email protected]CVE-2014-6086

HistoryDec 18, 2014 - 4:59 p.m.

CVE-2014-6086

2014-12-1816:59:00

CWE-200

[email protected]

web.nvd.nist.gov

ibm

security

access manager

mobile

web

https

network sniffing

cve-2014-6086

6.3 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

70.0%

JSON

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not ensure that HTTPS is used, which allows remote attackers to obtain sensitive information by sniffing the network during an HTTP session.

CPENameOperatorVersion
ibm:security_access_manager_for_mobileibm security access manager for mobileeq8.0
ibm:security_access_manager_for_webibm security access manager for webeq8.0
ibm:security_access_manager_for_webibm security access manager for webeq7.0

CPE	Name	Operator	Version
ibm:security_access_manager_for_mobile	ibm security access manager for mobile	eq	8.0
ibm:security_access_manager_for_web	ibm security access manager for web	eq	8.0
ibm:security_access_manager_for_web	ibm security access manager for web	eq	7.0

References

www-01.ibm.com/support/docview.wss?uid=swg1IV67358

www-01.ibm.com/support/docview.wss?uid=swg1IV67581

www-01.ibm.com/support/docview.wss?uid=swg21684475

exchange.xforce.ibmcloud.com/vulnerabilities/95813

6.3 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

70.0%

JSON

Related for CVE-2014-6086

cvelist1 prion1 ibm1