Vulnerability Description
Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network and capturing a session cookie.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Websphere Datapower Xc10 Appliance Firmware | 2.5.0.0 |
| Ibm | Websphere Datapower Xc10 Appliance | - |
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT03476Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21685705PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93534
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT03476Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21685705PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93534
FAQ
What is CVE-2014-3060?
CVE-2014-3060 is a vulnerability with a CVSS score of 10.0 (HIGH). Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid ...
How severe is CVE-2014-3060?
CVE-2014-3060 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3060?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Websphere Datapower Xc10 Appliance Firmware, Ibm Websphere Datapower Xc10 Appliance.