ID

VAR-201406-0330


CVE

CVE-2014-3053


TITLE

Authentication bypass vulnerability in some firmware of IBM Security Access Manager for Mobile and IBM Security Access Manager for Web

Trust: 0.8

sources: JVNDB: JVNDB-2014-003022

DESCRIPTION

The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. ISAM for Web is a set of products used in user authentication, authorization, and Web single sign-on solutions. It provides user access management and Web application protection functions.

Trust: 1.98

sources: NVD: CVE-2014-3053 // JVNDB: JVNDB-2014-003022 // BID: 68132 // VULHUB: VHN-70992

AFFECTED PRODUCTS

vendor: ibm // model: security access manager for web 8.0 // scope: eq // version: 8.0.0.3

Trust: 1.6

vendor: ibm // model: security access manager for web 8.0 // scope: eq // version: 8.0.0.2

Trust: 1.6

vendor: ibm // model: security access manager for web appliance // scope: eq // version: 7.0

Trust: 1.6

vendor: ibm // model: security access manager for mobile software // scope: eq // version: 8.0

Trust: 1.6

vendor: ibm // model: security access manager for web appliance // scope: eq // version: 8.0

Trust: 1.6

vendor: ibm // model: security access manager for web software // scope: eq // version: 8.0

Trust: 1.6

vendor: ibm // model: security access manager for web software // scope: eq // version: 7.0

Trust: 1.6

vendor: ibm // model: security access manager for mobile appliance // scope: eq // version: 8.0

Trust: 1.6

vendor: ibm // model: security access manager for mobile the appliance // scope: - version: -

Trust: 0.8

vendor: ibm // model: security access manager for mobile software // scope: eq // version: 8.0.0.0

Trust: 0.8

vendor: ibm // model: security access manager for mobile software // scope: eq // version: 8.0.0.3

Trust: 0.8

vendor: ibm // model: security access manager for web the appliance // scope: - version: -

Trust: 0.8

vendor: ibm // model: security access manager for web software // scope: eq // version: 7.0 of

Trust: 0.8

vendor: ibm // model: security access manager for web software // scope: eq // version: 8.0.0.2

Trust: 0.8

vendor: ibm // model: security access manager for web software // scope: eq // version: 8.0.0.3

Trust: 0.8

sources: JVNDB: JVNDB-2014-003022 // CNNVD: CNNVD-201406-466 // NVD: CVE-2014-3053

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3053
value: HIGH

Trust: 1.0

NVD: CVE-2014-3053
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201406-466
value: HIGH

Trust: 0.6

VULHUB: VHN-70992
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-3053
severity: HIGH
baseScore: 8.0
vectorString: AV:A/AC:L/AU:N/C:C/I:P/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 9.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-70992
severity: HIGH
baseScore: 8.0
vectorString: AV:A/AC:L/AU:N/C:C/I:P/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 9.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-70992 // JVNDB: JVNDB-2014-003022 // CNNVD: CNNVD-201406-466 // NVD: CVE-2014-3053

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-70992 // JVNDB: JVNDB-2014-003022 // NVD: CVE-2014-3053

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201406-466

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201406-466

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003022

PATCH

title: 1676700 // url: http://www-01.ibm.com/support/docview.wss?uid=swg21676700

Trust: 0.8

title: security_fixes // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=50581

Trust: 0.6

sources: JVNDB: JVNDB-2014-003022 // CNNVD: CNNVD-201406-466

EXTERNAL IDS

db: NVD // id: CVE-2014-3053

Trust: 2.8

db: BID // id: 68132

Trust: 1.4

db: SECUNIA // id: 59381

Trust: 1.1

db: SECUNIA // id: 59438

Trust: 1.1

db: JVNDB // id: JVNDB-2014-003022

Trust: 0.8

db: CNNVD // id: CNNVD-201406-466

Trust: 0.7

db: XF // id: 93501

Trust: 0.6

db: VULHUB // id: VHN-70992

Trust: 0.1

sources: VULHUB: VHN-70992 // BID: 68132 // JVNDB: JVNDB-2014-003022 // CNNVD: CNNVD-201406-466 // NVD: CVE-2014-3053

REFERENCES

url:http://www-01.ibm.com/support/docview.wss?uid=swg1iv61557

Trust: 1.7

url:http://www-01.ibm.com/support/docview.wss?uid=swg21676700

Trust: 1.7

url:http://www.securityfocus.com/bid/68132

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg21676389

Trust: 1.1

url:http://secunia.com/advisories/59381

Trust: 1.1

url:http://secunia.com/advisories/59438

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/93501

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3053

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3053

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/93501

Trust: 0.6

url:http://www.ibm.com/

Trust: 0.3

sources: VULHUB: VHN-70992 // BID: 68132 // JVNDB: JVNDB-2014-003022 // CNNVD: CNNVD-201406-466 // NVD: CVE-2014-3053

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 68132

SOURCES

db: VULHUB // id: VHN-70992
db: BID // id: 68132
db: JVNDB // id: JVNDB-2014-003022
db: CNNVD // id: CNNVD-201406-466
db: NVD // id: CVE-2014-3053

LAST UPDATE DATE

2024-11-23T20:49:19.038000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-70992 // date: 2017-08-29T00:00:00
db: BID // id: 68132 // date: 2014-06-19T00:00:00
db: JVNDB // id: JVNDB-2014-003022 // date: 2014-06-24T00:00:00
db: CNNVD // id: CNNVD-201406-466 // date: 2014-06-23T00:00:00
db: NVD // id: CVE-2014-3053 // date: 2024-11-21T02:07:22.837

SOURCES RELEASE DATE

db: VULHUB // id: VHN-70992 // date: 2014-06-21T00:00:00
db: BID // id: 68132 // date: 2014-06-19T00:00:00
db: JVNDB // id: JVNDB-2014-003022 // date: 2014-06-24T00:00:00
db: CNNVD // id: CNNVD-201406-466 // date: 2014-06-23T00:00:00
db: NVD // id: CVE-2014-3053 // date: 2014-06-21T15:55:03.870