CVE-2014-6078

CWE-284Improper Access Control3 documents3 sources
Severity
5.0MEDIUM
EPSS
0.2%
top 53.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Security Access Manager FOR MobileIBM Security Access Manager FOR WEB
Timeline
PublishedDec 18
Latest updateMay 17

Description

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which makes it easier for remote attackers to obtain admin access via a brute-force attack.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-vrr2-83p8-vp4c: IBM Security Access Manager for Mobile 82022-05-17
CVEList
CVE-2014-6078: IBM Security Access Manager for Mobile 82014-12-18
CVE-2014-6078 (MEDIUM CVSS 5) | IBM Security Access Manager for Mob | cvebase.io