ID

VAR-201506-0204


CVE

CVE-2014-6198


TITLE

IBM Security Network Protection vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2014-008086

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in IBM Security Network Protection 5.3 before 5.3.1 allows remote attackers to hijack the authentication of arbitrary users. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. IBM Security Network Protection running firmware 5.3 is vulnerable. The product can monitor application usage, website access and operation execution within the network to avoid threats such as malware and botnets.

Trust: 1.98

sources: NVD: CVE-2014-6198 // JVNDB: JVNDB-2014-008086 // BID: 75048 // VULHUB: VHN-74141

AFFECTED PRODUCTS

vendor: ibm, model: security network protection, scope: eq, version: 5.3

Trust: 1.9

vendor: ibm, model: security network protection, scope: eq, version: 5.3.1

Trust: 0.8

vendor: ibm, model: security network protection, scope: lt, version: 5.3

Trust: 0.8

vendor: ibm, model: security network protection, scope: ne, version: 5.3.1

Trust: 0.3

sources: BID: 75048 // JVNDB: JVNDB-2014-008086 // CNNVD: CNNVD-201506-224 // NVD: CVE-2014-6198

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-6198
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-6198
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201506-224
value: MEDIUM

Trust: 0.6

VULHUB: VHN-74141
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-6198
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-74141
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-74141 // JVNDB: JVNDB-2014-008086 // CNNVD: CNNVD-201506-224 // NVD: CVE-2014-6198

PROBLEMTYPE DATA

problemtype: CWE-352

Trust: 1.9

sources: VULHUB: VHN-74141 // JVNDB: JVNDB-2014-008086 // NVD: CVE-2014-6198

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-224

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201506-224

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008086

PATCH

title: 1958090, url: http://www-01.ibm.com/support/docview.wss?uid=swg21958090

Trust: 0.8

sources: JVNDB: JVNDB-2014-008086

EXTERNAL IDS

db: NVD, id: CVE-2014-6198

Trust: 2.8

db: SECTRACK, id: 1032634

Trust: 1.1

db: BID, id: 75048

Trust: 1.0

db: JVNDB, id: JVNDB-2014-008086

Trust: 0.8

db: CNNVD, id: CNNVD-201506-224

Trust: 0.7

db: VULHUB, id: VHN-74141

Trust: 0.1

sources: VULHUB: VHN-74141 // BID: 75048 // JVNDB: JVNDB-2014-008086 // CNNVD: CNNVD-201506-224 // NVD: CVE-2014-6198

REFERENCES

url: http://www-01.ibm.com/support/docview.wss?uid=swg21958090

Trust: 2.0

url: http://www.securitytracker.com/id/1032634

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6198

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-6198

Trust: 0.8

url: http://www.securityfocus.com/bid/75048

Trust: 0.6

url: http://www.ibm.com

Trust: 0.3

url: http://www-03.ibm.com/software/products/en/network-protection/

Trust: 0.3

sources: VULHUB: VHN-74141 // BID: 75048 // JVNDB: JVNDB-2014-008086 // CNNVD: CNNVD-201506-224 // NVD: CVE-2014-6198

CREDITS

IBM

Trust: 0.9

sources: BID: 75048 // CNNVD: CNNVD-201506-224

SOURCES

db: VULHUB, id: VHN-74141
db: BID, id: 75048
db: JVNDB, id: JVNDB-2014-008086
db: CNNVD, id: CNNVD-201506-224
db: NVD, id: CVE-2014-6198

LAST UPDATE DATE

2024-11-23T22:34:57.673000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-74141, date: 2017-09-23T00:00:00
db: BID, id: 75048, date: 2015-06-04T00:00:00
db: JVNDB, id: JVNDB-2014-008086, date: 2015-06-30T00:00:00
db: CNNVD, id: CNNVD-201506-224, date: 2015-06-29T00:00:00
db: NVD, id: CVE-2014-6198, date: 2024-11-21T02:13:57.617

SOURCES RELEASE DATE

db: VULHUB, id: VHN-74141, date: 2015-06-28T00:00:00
db: BID, id: 75048, date: 2015-06-04T00:00:00
db: JVNDB, id: JVNDB-2014-008086, date: 2015-06-30T00:00:00
db: CNNVD, id: CNNVD-201506-224, date: 2015-06-11T00:00:00
db: NVD, id: CVE-2014-6198, date: 2015-06-28T10:59:00.097