Details of VAR-201410-0399

ID

VAR-201410-0399

CVE

CVE-2014-4823

TITLE

IBM Security Access Manager for Web and Security Access Manager for Mobile Vulnerabilities in system commands

Trust: 0.8

sources: JVNDB: JVNDB-2014-004511

DESCRIPTION

The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors. Remote attackers can exploit this issue to execute arbitrary shell commands within the context of the affected system. ISAM for Mobile is a product that provides mobile access security in one modular package. ISAM for Web is a set of products used in user authentication, authorization, and Web single sign-on solutions. The management console in ISAM has a security hole

Trust: 1.98

sources: NVD: CVE-2014-4823 // JVNDB: JVNDB-2014-004511 // BID: 70195 // VULHUB: VHN-72764

AFFECTED PRODUCTS

vendor:	ibm	model:	security access manager for web 8.0	scope:	eq	version:	8.0.0.3	Trust: 1.6
vendor:	ibm	model:	security access manager for web 8.0	scope:	eq	version:	8.0.0.2	Trust: 1.6
vendor:	ibm	model:	security access manager for web 7.0	scope:	eq	version:	7.0.0.6	Trust: 1.6
vendor:	ibm	model:	security access manager for mobile 8.0	scope:	eq	version:	8.0.0.4	Trust: 1.6
vendor:	ibm	model:	security access manager for mobile 8.0	scope:	eq	version:	8.0.0.3	Trust: 1.6
vendor:	ibm	model:	security access manager for mobile 8.0	scope:	eq	version:	8.0.0.1	Trust: 1.6
vendor:	ibm	model:	security access manager for web 7.0	scope:	eq	version:	7.0.0.7	Trust: 1.6
vendor:	ibm	model:	security access manager for mobile 8.0	scope:	eq	version:	8.0.0.0	Trust: 1.6
vendor:	ibm	model:	security access manager for web 7.0	scope:	eq	version:	7.0.0.8	Trust: 1.6
vendor:	ibm	model:	security access manager for web 8.0	scope:	eq	version:	8.0.0.4	Trust: 1.6
vendor:	ibm	model:	security access manager for web appliance	scope:	eq	version:	7.0	Trust: 1.0
vendor:	ibm	model:	security access manager for web 7.0	scope:	eq	version:	7.0.0.3	Trust: 1.0
vendor:	ibm	model:	security access manager for web appliance	scope:	eq	version:	8.0	Trust: 1.0
vendor:	ibm	model:	security access manager for web 7.0	scope:	eq	version:	7.0.0.1	Trust: 1.0
vendor:	ibm	model:	security access manager for web 7.0	scope:	eq	version:	7.0.0.4	Trust: 1.0
vendor:	ibm	model:	security access manager for web 7.0	scope:	eq	version:	7.0.0.5	Trust: 1.0
vendor:	ibm	model:	security access manager for web 7.0	scope:	eq	version:	7.0.0.2	Trust: 1.0
vendor:	ibm	model:	security access manager for web 7.0	scope:	eq	version:	7.0.0.0	Trust: 1.0
vendor:	ibm	model:	security access manager for mobile appliance	scope:	eq	version:	8.0	Trust: 1.0
vendor:	ibm	model:	security access manager for web software	scope:	eq	version:	8.0.0-iss-wga-fp0005	Trust: 0.8
vendor:	ibm	model:	security access manager for web appliance	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	security access manager for mobile appliance	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	security access manager for web software	scope:	eq	version:	7.0.0-iss-wga-if0009	Trust: 0.8
vendor:	ibm	model:	security access manager for web software	scope:	lt	version:	8.x	Trust: 0.8
vendor:	ibm	model:	security access manager for web software	scope:	lt	version:	7.x	Trust: 0.8
vendor:	ibm	model:	security access manager for mobile software	scope:	lt	version:	8.x	Trust: 0.8
vendor:	ibm	model:	security access manager for mobile software	scope:	eq	version:	8.0.0-iss-isam-fp0005	Trust: 0.8
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	8.03	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	8.0.0.4	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	8.0.0.2	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.8	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.7	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.6	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.5	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.4	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.3	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.2	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0.0.1	Trust: 0.3
vendor:	ibm	model:	security access manager for web	scope:	eq	version:	7.0	Trust: 0.3
vendor:	ibm	model:	security access manager for mobile	scope:	eq	version:	8.0.0.4	Trust: 0.3
vendor:	ibm	model:	security access manager for mobile	scope:	eq	version:	8.0.0.3	Trust: 0.3
vendor:	ibm	model:	security access manager for mobile	scope:	eq	version:	8.0.0.1	Trust: 0.3
vendor:	ibm	model:	security access manager for mobile	scope:	eq	version:	8.0.0.0	Trust: 0.3
vendor:	ibm	model:	security access manager for mobile	scope:	eq	version:	8.0	Trust: 0.3

sources: BID: 70195 // JVNDB: JVNDB-2014-004511 // CNNVD: CNNVD-201410-056 // NVD: CVE-2014-4823

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-4823
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-4823
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201410-056
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-72764
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-4823
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-72764
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-72764 // JVNDB: JVNDB-2014-004511 // CNNVD: CNNVD-201410-056 // NVD: CVE-2014-4823

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.9

sources: VULHUB: VHN-72764 // JVNDB: JVNDB-2014-004511 // NVD: CVE-2014-4823

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-056

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201410-056

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004511

PATCH

title:	1684466	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21684466	Trust: 0.8
title:	8.0.0-ISS-WGA-FP0005	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54168	Trust: 0.6
title:	8.0.0-ISS-WGA-FP0005	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54167	Trust: 0.6

sources: JVNDB: JVNDB-2014-004511 // CNNVD: CNNVD-201410-056

EXTERNAL IDS

db:	NVD	id:	CVE-2014-4823	Trust: 2.8
db:	SECUNIA	id:	61278	Trust: 1.1
db:	SECUNIA	id:	61294	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-004511	Trust: 0.8
db:	CNNVD	id:	CNNVD-201410-056	Trust: 0.7
db:	XF	id:	95573	Trust: 0.6
db:	BID	id:	70195	Trust: 0.4
db:	VULHUB	id:	VHN-72764	Trust: 0.1

sources: VULHUB: VHN-72764 // BID: 70195 // JVNDB: JVNDB-2014-004511 // CNNVD: CNNVD-201410-056 // NVD: CVE-2014-4823

REFERENCES

url:	http://www-01.ibm.com/support/docview.wss?uid=swg21684466	Trust: 1.7
url:	http://www-01.ibm.com/support/docview.wss?uid=swg1iv64910	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=swg1iv64919	Trust: 1.1
url:	http://secunia.com/advisories/61278	Trust: 1.1
url:	http://secunia.com/advisories/61294	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/95573	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4823	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4823	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/95573	Trust: 0.6
url:	http://www.ibm.com/	Trust: 0.3
url:	http://www-03.ibm.com/software/products/en/access-mgr-mobile	Trust: 0.3
url:	http://www-03.ibm.com/software/products/en/access-mgr-web	Trust: 0.3
url:	www-01.ibm.com/support/docview.wss?uid=swg21684466	Trust: 0.3

sources: VULHUB: VHN-72764 // BID: 70195 // JVNDB: JVNDB-2014-004511 // CNNVD: CNNVD-201410-056 // NVD: CVE-2014-4823

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 70195

SOURCES

db:	VULHUB	id:	VHN-72764
db:	BID	id:	70195
db:	JVNDB	id:	JVNDB-2014-004511
db:	CNNVD	id:	CNNVD-201410-056
db:	NVD	id:	CVE-2014-4823

LAST UPDATE DATE

2024-11-23T19:43:12.126000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-72764	date:	2017-08-29T00:00:00
db:	BID	id:	70195	date:	2014-09-29T00:00:00
db:	JVNDB	id:	JVNDB-2014-004511	date:	2014-10-06T00:00:00
db:	CNNVD	id:	CNNVD-201410-056	date:	2014-10-10T00:00:00
db:	NVD	id:	CVE-2014-4823	date:	2024-11-21T02:10:56.073

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-72764	date:	2014-10-03T00:00:00
db:	BID	id:	70195	date:	2014-09-29T00:00:00
db:	JVNDB	id:	JVNDB-2014-004511	date:	2014-10-06T00:00:00
db:	CNNVD	id:	CNNVD-201410-056	date:	2014-10-10T00:00:00
db:	NVD	id:	CVE-2014-4823	date:	2014-10-03T01:55:07.313