CVE-2014-6086
IBM Security Access Manager for Mobile 8.x (before 8.0.1) and IBM Security Access Manager for Web (7.x before 7.0.0 FP10, and 8.x before 8.0.1) fail to enforce HTTPS, enabling remote attackers to sniff HTTP sessions and obtain sensitive information. This vulnerability is documented as CVE-2014-60...