Vulnerability CVE-2014-3053

Vulnerability Name:

CVE-2014-3053 (CCN-93501)

Assigned:

2014-06-19

Published:

2014-06-19

Updated:

2017-08-29

Summary:

The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials.

CVSS v3 Severity:

8.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H)

Exploitability Metrics:	Attack Vector (AV): Adjacent Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): Low Availibility (A): High

CVSS v2 Severity:

8.0 High (CVSS v2 Vector: AV:A/AC:L/Au:N/C:C/I:P/A:C)
5.9 Medium (Temporal CVSS v2 Vector: AV:A/AC:L/Au:N/C:C/I:P/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Adjacent_Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Partial Availibility (A): Complete

8.0 High (CCN CVSS v2 Vector: AV:A/AC:L/Au:N/C:C/I:P/A:C)
5.9 Medium (CCN Temporal CVSS v2 Vector: AV:A/AC:L/Au:N/C:C/I:P/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Adjacent_Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Partial Availibility (A): Complete