ID

VAR-201501-0386


CVE

CVE-2014-6197


TITLE

IBM Security Network Protection vulnerable to a clickjacking attack

Trust: 0.8

sources: JVNDB: JVNDB-2014-007732

DESCRIPTION

IBM Security Network Protection 5.1.x and 5.2.x before 5.2.0.0 FP5 and 5.3.x before 5.3.0.0 FP1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. The product monitors application usage, website access and operation execution within the network to guard against threats such as malware and botnets. A remote attacker can exploit this vulnerability by sending specially crafted HTTP requests to carry out clickjacking attacks.

Trust: 1.98

sources: NVD: CVE-2014-6197 // JVNDB: JVNDB-2014-007732 // BID: 77928 // VULHUB: VHN-74140

AFFECTED PRODUCTS

vendor: ibm, model: security network protection xgs, scope: eq, version: 5.3

Trust: 1.9

vendor: ibm, model: security network protection xgs, scope: eq, version: 5.2

Trust: 1.9

vendor: ibm, model: security network protection xgs, scope: eq, version: 5.1.2

Trust: 1.9

vendor: ibm, model: security network protection xgs, scope: eq, version: 5.1.1

Trust: 1.9

vendor: ibm, model: security network protection xgs, scope: eq, version: 5.1

Trust: 1.9

vendor: ibm, model: security network protection xgs, scope: eq, version: 5.1.2.1

Trust: 1.6

vendor: ibm, model: security network protection xgs 3100, scope: -, version: -

Trust: 0.8

vendor: ibm, model: security network protection xgs 7100, scope: -, version: -

Trust: 0.8

vendor: ibm, model: security network protection xgs, scope: eq, version: 5.1.x

Trust: 0.8

vendor: ibm, model: security network protection xgs, scope: eq, version: 5.2.0.0 fp5

Trust: 0.8

vendor: ibm, model: security network protection xgs, scope: lt, version: 5.3.x

Trust: 0.8

vendor: ibm, model: security network protection xgs 5100, scope: -, version: -

Trust: 0.8

vendor: ibm, model: security network protection xgs, scope: lt, version: 5.2.x

Trust: 0.8

vendor: ibm, model: security network protection xgs 4100, scope: -, version: -

Trust: 0.8

vendor: ibm, model: security network protection xgs, scope: eq, version: 5.3.0.0 fp1

Trust: 0.8

vendor: ibm, model: security network protection xgs, scope: eq, version: 5.1.21

Trust: 0.3

sources: BID: 77928 // JVNDB: JVNDB-2014-007732 // CNNVD: CNNVD-201501-373 // NVD: CVE-2014-6197

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-6197
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-6197
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201501-373
value: MEDIUM

Trust: 0.6

VULHUB: VHN-74140
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-6197
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-74140
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-74140 // JVNDB: JVNDB-2014-007732 // CNNVD: CNNVD-201501-373 // NVD: CVE-2014-6197

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-74140 // JVNDB: JVNDB-2014-007732 // NVD: CVE-2014-6197

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201501-373

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201501-373

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007732

PATCH

title: 1693542, url: http://www-01.ibm.com/support/docview.wss?uid=swg21693542

Trust: 0.8

sources: JVNDB: JVNDB-2014-007732

EXTERNAL IDS

db: NVD, id: CVE-2014-6197

Trust: 2.8

db: XF, id: 98609

Trust: 0.9

db: JVNDB, id: JVNDB-2014-007732

Trust: 0.8

db: CNNVD, id: CNNVD-201501-373

Trust: 0.7

db: BID, id: 77928

Trust: 0.4

db: VULHUB, id: VHN-74140

Trust: 0.1

sources: VULHUB: VHN-74140 // BID: 77928 // JVNDB: JVNDB-2014-007732 // CNNVD: CNNVD-201501-373 // NVD: CVE-2014-6197

REFERENCES

url:http://www-01.ibm.com/support/docview.wss?uid=swg21693542

Trust: 2.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/98609

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/98609

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6197

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-6197

Trust: 0.8

sources: VULHUB: VHN-74140 // BID: 77928 // JVNDB: JVNDB-2014-007732 // CNNVD: CNNVD-201501-373 // NVD: CVE-2014-6197

CREDITS

Unknown

Trust: 0.3

sources: BID: 77928

SOURCES

db: VULHUB, id: VHN-74140
db: BID, id: 77928
db: JVNDB, id: JVNDB-2014-007732
db: CNNVD, id: CNNVD-201501-373
db: NVD, id: CVE-2014-6197

LAST UPDATE DATE

2024-11-23T22:35:00.080000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-74140, date: 2017-09-08T00:00:00
db: BID, id: 77928, date: 2015-01-17T00:00:00
db: JVNDB, id: JVNDB-2014-007732, date: 2015-01-23T00:00:00
db: CNNVD, id: CNNVD-201501-373, date: 2015-01-19T00:00:00
db: NVD, id: CVE-2014-6197, date: 2024-11-21T02:13:57.500

SOURCES RELEASE DATE

db: VULHUB, id: VHN-74140, date: 2015-01-17T00:00:00
db: BID, id: 77928, date: 2015-01-17T00:00:00
db: JVNDB, id: JVNDB-2014-007732, date: 2015-01-23T00:00:00
db: CNNVD, id: CNNVD-201501-373, date: 2015-01-19T00:00:00
db: NVD, id: CVE-2014-6197, date: 2015-01-17T11:59:04.093