8

CVE-2014-3053

The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials.
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.37% 0.684
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8 6.5 9.5
AV:A/AC:L/Au:N/C:C/I:P/A:C
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://secunia.com/advisories/59438
http://secunia.com/advisories/59381
http://www-01.ibm.com/support/docview.wss?uid=swg1IV61557
http://www-01.ibm.com/support/docview.wss?uid=swg21676389
http://www-01.ibm.com/support/docview.wss?uid=swg21676700
Vendor Advisory
http://www.securityfocus.com/bid/68132
https://exchange.xforce.ibmcloud.com/vulnerabilities/93501