Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-6078

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2014-6078
Last Modified 18 Dec 2014 02:27:22
Published 18 Dec 2014 11:59:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-6078

Summary

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which makes it easier for remote attackers to obtain admin access via a brute-force attack.

Vulnerable Systems

Application

  • Ibm Security Access Manager For Mobile 8.0

  • Ibm Security Access Manager For Web 7.0

  • Ibm Security Access Manager For Web 8.0


References

XF - ibm-sam-cve20146078-lockout(95762)

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21684475


Last Updated: 27 May 2016 11:07:18