CVE-2014-3053

EUVD-2014-3074
The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8 UNKNOWN
ADJACENT_NETWORK
LOW
AV:A/AC:L/Au:N/C:C/I:P/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
Affected Products (NVD)
VendorProductVersion
ibmsecurity_access_manager_for_web_8.0_firmware
8.0.0.2
ibmsecurity_access_manager_for_web_8.0_firmware
8.0.0.3
ibmsecurity_access_manager_for_web_appliance
8.0
ibmsecurity_access_manager_for_mobile_software
8.0
ibmsecurity_access_manager_for_web_software
7.0
ibmsecurity_access_manager_for_web_software
8.0
ibmsecurity_access_manager_for_mobile_appliance
8.0
ibmsecurity_access_manager_for_web_appliance
7.0
ibmsecurity_access_manager_for_web_appliance
8.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/59381
http://secunia.com/advisories/59438
http://www-01.ibm.com/support/docview.wss?uid=swg1IV61557
http://www-01.ibm.com/support/docview.wss?uid=swg21676389
http://www-01.ibm.com/support/docview.wss?uid=swg21676700
http://www.securityfocus.com/bid/68132
https://exchange.xforce.ibmcloud.com/vulnerabilities/93501
http://secunia.com/advisories/59381
http://secunia.com/advisories/59438
http://www-01.ibm.com/support/docview.wss?uid=swg1IV61557
http://www-01.ibm.com/support/docview.wss?uid=swg21676389
http://www-01.ibm.com/support/docview.wss?uid=swg21676700
http://www.securityfocus.com/bid/68132
https://exchange.xforce.ibmcloud.com/vulnerabilities/93501