Vulnerability Description
The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Security Access Manager For Web 8.0 Firmware | 8.0.0.2 |
| Ibm | Security Access Manager For Web Appliance | 8.0 |
| Ibm | Security Access Manager For Mobile Software | 8.0 |
| Ibm | Security Access Manager For Web Software | 7.0 |
| Ibm | Security Access Manager For Mobile Appliance | 8.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/59381
- http://secunia.com/advisories/59438
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV61557
- http://www-01.ibm.com/support/docview.wss?uid=swg21676389
- http://www-01.ibm.com/support/docview.wss?uid=swg21676700Vendor Advisory
- http://www.securityfocus.com/bid/68132
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93501
- http://secunia.com/advisories/59381
- http://secunia.com/advisories/59438
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV61557
- http://www-01.ibm.com/support/docview.wss?uid=swg21676389
- http://www-01.ibm.com/support/docview.wss?uid=swg21676700Vendor Advisory
- http://www.securityfocus.com/bid/68132
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93501
FAQ
What is CVE-2014-3053?
CVE-2014-3053 is a vulnerability with a CVSS score of 8.0 (HIGH). The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0...
How severe is CVE-2014-3053?
CVE-2014-3053 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3053?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Security Access Manager For Web 8.0 Firmware, Ibm Security Access Manager For Web Appliance, Ibm Security Access Manager For Mobile Software, Ibm Security Access Manager For Web Software, Ibm Security Access Manager For Mobile Appliance.