Vulnerability Description
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation.
CVSS Score
2.1
LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Security Identity Manager | 6.0.0.0 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645
- http://www-01.ibm.com/support/docview.wss?uid=swg21689779Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/96179
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645
- http://www-01.ibm.com/support/docview.wss?uid=swg21689779Vendor Advisory
FAQ
What is CVE-2014-6110?
CVE-2014-6110 is a vulnerability with a CVSS score of 2.1 (LOW). IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation.
How severe is CVE-2014-6110?
CVE-2014-6110 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-6110?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Security Identity Manager.