CVE-2014-3053

The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials.

CVSS v2.0 8.0 HIGH

8.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:A/AC:L/Au:N/C:C/I:P/A:C

Exploitability : 6.5 / Impact : 9.5

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact PARTIAL

Availability Impact COMPLETE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21676700	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IV61557
http://secunia.com/advisories/59438
http://www-01.ibm.com/support/docview.wss?uid=swg21676389
http://www.securityfocus.com/bid/68132
http://secunia.com/advisories/59381
https://exchange.xforce.ibmcloud.com/vulnerabilities/93501

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:::::::*
	cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:::::::*

cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:h:ibm:security_access_manager_for_web_appliance:7.0:::::::*
	cpe:2.3:a:ibm:security_access_manager_for_web_software:8.0:::::::*
	cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:8.0:::::::*
	cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:::::::*
	cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0:::::::*
	cpe:2.3:a:ibm:security_access_manager_for_mobile_software:8.0:::::::*

Information

Published : 2014-06-21 08:55

Updated : 2017-08-28 18:34

NVD link : CVE-2014-3053

Mitre link : CVE-2014-3053

JSON object : View

CWE

CWE-287

Improper Authentication

Products Affected

ibm

security_access_manager_for_mobile_software
security_access_manager_for_web_appliance
security_access_manager_for_web_software
security_access_manager_for_mobile_appliance
security_access_manager_for_web_8.0_firmware

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676700", "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676700", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61557", "name": "IV61557", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://secunia.com/advisories/59438", "name": "59438", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676389", "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676389", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/68132", "name": "68132", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/59381", "name": "59381", "tags": [], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93501", "name": "ibm-isam-cve20143053-credentials(93501)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-287"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-3053", "ASSIGNER": "psirt@us.ibm.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 8.0, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:C/I:P/A:C", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 9.5, "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-06-21T15:55Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:security_access_manager_for_web_software:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:security_access_manager_for_mobile_software:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-29T01:34Z"}

8.0 /10