CVE-2014-6106

Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via unknown vectors.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
VendorProductVersion
ibmsecurity_identity_manager
5.1.0
ibmsecurity_identity_manager
5.1.0.3
ibmsecurity_identity_manager
5.1.0.4
ibmsecurity_identity_manager
5.1.0.5
ibmsecurity_identity_manager
5.1.0.6
ibmsecurity_identity_manager
5.1.0.7
ibmsecurity_identity_manager
5.1.0.8
ibmsecurity_identity_manager
5.1.0.9
ibmsecurity_identity_manager
5.1.0.10
ibmsecurity_identity_manager
5.1.0.11
ibmsecurity_identity_manager
5.1.0.12
ibmsecurity_identity_manager
5.1.0.13
ibmsecurity_identity_manager
5.1.0.14
ibmsecurity_identity_manager
5.1.0.15
ibmsecurity_identity_manager
6.0.0.0
ibmsecurity_identity_manager
6.0.0.1
ibmsecurity_identity_manager
6.0.0.2
ibmsecurity_identity_manager
6.0.0.3
ibmsecurity_identity_manager
6.0.0.4
ibmsecurity_identity_manager
7.0.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/73167
https://exchange.xforce.ibmcloud.com/vulnerabilities/96145
https://www-01.ibm.com/support/docview.wss?uid=swg21698020
http://www.securityfocus.com/bid/73167
https://exchange.xforce.ibmcloud.com/vulnerabilities/96145
https://www-01.ibm.com/support/docview.wss?uid=swg21698020