CVE-2014-6110 — Improper Access Control in IBM Security Identity Manager

CWE-284 — Improper Access Control3 documents3 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 64.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Identity Manager

Timeline

PublishedNov 18

Latest updateMay 17

Description

IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/security_identity_manager4 versions+3

🔴Vulnerability Details

GHSA

GHSA-rq85-jxj9-226h: IBM Security Identity Manager 6↗2022-05-17

▶

CVEList

CVE-2014-6110: IBM Security Identity Manager 6↗2014-11-18

▶