Skip to main content

Security Access Manager For Mobile CVE-2014-6084

MEDIUM
Cryptographic Issues (CWE-310)
2014-12-18 psirt@us.ibm.com
5.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:P/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 18, 2014 - 16:59 cve.org
MEDIUM 5.0

DescriptionCVE.org

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 make it easier for remote attackers to obtain sensitive information by sniffing the network during use of a weak SSL cipher.

AnalysisAI

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 make it easier for remote attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-310. IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 make it easier for remote attackers to obtain sensitive information by sniffing the network during use of a weak SSL cipher. Affected products include: Ibm Security Access Manager For Mobile, Ibm Security Access Manager For Web. Version information: before 8.0.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2016-3025 HIGH
8.1 Nov 25

IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not

CVE-2016-5919 HIGH
7.5 Feb 16

IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that coul

CVE-2014-6077 MEDIUM
6.8 Dec 18

Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security

CVE-2014-6080 MEDIUM
6.5 Dec 18

SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for W

CVE-2016-3018 MEDIUM
6.1 Feb 01

IBM Security Access Manager for Web is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulner

CVE-2017-1489 MEDIUM
6.1 Aug 29

IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerabilit

CVE-2016-3043 MEDIUM
5.9 Feb 01

IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure

CVE-2016-3020 MEDIUM
5.5 Feb 07

IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restriction

CVE-2015-5013 MEDIUM
5.5 Feb 08

The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which

CVE-2014-6088 MEDIUM
5.0 Dec 18

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.

CVE-2014-6087 MEDIUM
5.0 Dec 18

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.

CVE-2014-6086 MEDIUM
5.0 Dec 18

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.

Share

CVE-2014-6084 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy