CVE-2014-6106Cross-Site Request Forgery in IBM Security Identity Manager

CWE-352Cross-Site Request Forgery3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.1%
top 70.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Security Identity Manager
Timeline
PublishedSep 18
Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via unknown vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

NVDibm/security_identity_manager20 versions+19

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-55fh-chpw-5q5r: Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 52022-05-17
CVEList
CVE-2014-6106: Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 52017-09-18
CVE-2014-6106 — Cross-Site Request Forgery in IBM | cvebase