CVE-2014-6164Sensitive Information Exposure in IBM Websphere Application Server

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.2%
top 53.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Application Server
Timeline
PublishedDec 18
Latest updateMay 17

Description

IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4 allows remote attackers to spoof OpenID and OpenID Connect cookies, and consequently obtain sensitive information, via a crafted URL.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-q35j-c73r-4267: IBM WebSphere Application Server 82022-05-17
CVEList
CVE-2014-6164: IBM WebSphere Application Server 82014-12-18
CVE-2014-6164 — Sensitive Information Exposure in IBM | cvebase