6.8
CVE-2014-6077
- EPSS 0.63%
- Veröffentlicht 18.12.2014 16:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Security Access Manager For Web Version7.0
Ibm ≫ Security Access Manager For Web Version8.0
Ibm ≫ Security Access Manager For Mobile Version8.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.63% | 0.455 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358
http://www-01.ibm.com/support/docview.wss?uid=swg1IV67581
http://www-01.ibm.com/support/docview.wss?uid=swg21684475
https://exchange.xforce.ibmcloud.com/vulnerabilities/95730