CVE-2014-6077 — Cross-Site Request Forgery in IBM Security Access Manager FOR Mobile

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

0.1%

top 66.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Access Manager FOR Mobile IBM Security Access Manager FOR WEB

Timeline

PublishedDec 18

Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDibm/security_access_manager8.0, 7.0+1

🔴Vulnerability Details

GHSA

GHSA-w9x9-rr93-3wvr: Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8↗2022-05-17

▶

CVEList

CVE-2014-6077: Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8↗2014-12-18

▶