Skip to main content

Security Access Manager For Mobile CVE-2014-6080

MEDIUM
SQL Injection (CWE-89)
2014-12-18 psirt@us.ibm.com
6.5
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:S/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Dec 18, 2014 - 16:59 cve.org
MEDIUM 6.5

DescriptionCVE.org

SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

AnalysisAI

SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Affected products include: Ibm Security Access Manager For Mobile, Ibm Security Access Manager For Web. Version information: before 8.0.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2016-3025 HIGH
8.1 Nov 25

IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not

CVE-2016-5919 HIGH
7.5 Feb 16

IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that coul

CVE-2014-6077 MEDIUM
6.8 Dec 18

Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security

CVE-2016-3018 MEDIUM
6.1 Feb 01

IBM Security Access Manager for Web is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulner

CVE-2017-1489 MEDIUM
6.1 Aug 29

IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerabilit

CVE-2016-3043 MEDIUM
5.9 Feb 01

IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure

CVE-2016-3020 MEDIUM
5.5 Feb 07

IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restriction

CVE-2015-5013 MEDIUM
5.5 Feb 08

The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which

CVE-2014-6088 MEDIUM
5.0 Dec 18

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.

CVE-2014-6087 MEDIUM
5.0 Dec 18

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.

CVE-2014-6086 MEDIUM
5.0 Dec 18

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.

CVE-2014-6084 MEDIUM
5.0 Dec 18

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.

Share

CVE-2014-6080 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy