Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.0
CVE Id CVE-2014-6168
Last Modified 30 Dec 2014 10:38:50
Published 28 Dec 2014 09:59:02
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2014-6168

Summary

Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1 before 5.1.0.15 IF0056 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Vulnerable Systems

Application

  • IBM Security Identity Manager 5.1.0
  • IBM Security Identity Manager 5.1.0.10
  • IBM Security Identity Manager 5.1.0.11
  • IBM Security Identity Manager 5.1.0.12
  • IBM Security Identity Manager 5.1.0.13
  • IBM Security Identity Manager 5.1.0.14
  • IBM Security Identity Manager 5.1.0.15
  • IBM Security Identity Manager 5.1.0.3
  • IBM Security Identity Manager 5.1.0.4
  • IBM Security Identity Manager 5.1.0.5
  • IBM Security Identity Manager 5.1.0.6
  • IBM Security Identity Manager 5.1.0.7
  • IBM Security Identity Manager 5.1.0.8
  • IBM Security Identity Manager 5.1.0.9


References

XF - ibm-sim-cve20146168-csrf(97752)

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21692907


Last Updated: 27 May 2016 11:07:22