PT-2014-5047 · Ibm · Ibm Security Access Manager For Mobile+1
Published
2014-06-21
·
Updated
2017-08-29
·
CVE-2014-3053
CVSS v2.0
8.0
High
| Vector | AV:A/AC:L/Au:N/C:C/I:P/A:C |
Name of the Vulnerable Software and Affected Versions
IBM Security Access Manager (ISAM) for Mobile versions 8.0.0.0 through 8.0.0.3
IBM Security Access Manager for Web versions 7.0, 8.0.0.2, 8.0.0.3
Description
The issue allows remote attackers to bypass authentication via a login action with invalid credentials, exploiting the Local Management Interface (LMI) in the affected software.
Recommendations
For IBM Security Access Manager (ISAM) for Mobile versions 8.0.0.0 through 8.0.0.3, update to a version outside of this range to resolve the issue.
For IBM Security Access Manager for Web version 7.0, update to a version outside of the affected range to resolve the issue.
For IBM Security Access Manager for Web versions 8.0.0.2 and 8.0.0.3, update to a version outside of this range to resolve the issue.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Security Access Manager For Mobile
Ibm Security Access Manager For Web