Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2014-6092
HistoryApr 27, 2015 - 11:59 a.m.

CVE-2014-6092

2015-04-2711:59:00
CWE-17
[email protected]
web.nvd.nist.gov
20
ibm
curam
spm
security
vulnerability
denial of service
cve-2014-6092

6.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

64.6%

JSON

IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause a denial of service (web-service outage) by making many login attempts with a valid caseworker account name.

CPENameOperatorVersion
ibm:curam_social_program_managementibm curam social program managementeq6.0.4.3
ibm:curam_social_program_managementibm curam social program managementeq6.0.4.2
ibm:curam_social_program_managementibm curam social program managementeq6.0.4.0
ibm:curam_social_program_managementibm curam social program managementeq6.0.4.1
ibm:curam_social_program_managementibm curam social program managementle5.2
ibm:curam_social_program_managementibm curam social program managementeq6.0.5.0
ibm:curam_social_program_managementibm curam social program managementeq6.0.5.3
ibm:curam_social_program_managementibm curam social program managementeq6.0.5.2
ibm:curam_social_program_managementibm curam social program managementeq6.0.5.4
ibm:curam_social_program_managementibm curam social program managementeq6.0.5.5
Rows per page:
1-10 of 131

Related

ibm 1
cvelist 1
prion 1
ibm
ibm
Security Bulletin: IBM CΓΊram Social Program Management when not configured with LDAP or SSO may be vulnerable to denial of service.(CVE-2014-6092).
2018-07-17 10:10:47
cvelist
cvelist
CVE-2014-6092
2015-04-27 01:00:00
prion
prion
Code injection
2015-04-27 11:59:00

6.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

64.6%

JSON
Related for CVE-2014-6092
ibm1cvelist1prion1