Vulnerability Name: | CVE-2014-6080 (CCN-95767) | ||||||||
Assigned: | 2014-12-12 | ||||||||
Published: | 2014-12-12 | ||||||||
Updated: | 2017-09-08 | ||||||||
Summary: | SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||||||
CVSS v3 Severity: | 5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P) 5.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:OF/RC:C)
5.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-89 | ||||||||
Vulnerability Consequences: | Data Manipulation | ||||||||
References: | Source: MITRE Type: CNA CVE-2014-6080 Source: AIXAPAR Type: UNKNOWN IV67358 Source: AIXAPAR Type: UNKNOWN IV67581 Source: CONFIRM Type: Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21684475 Source: CCN Type: IBM Security Bulletin 1684475 Multiple vulnerabilities addressed in IBM Security Access Manager Source: XF Type: UNKNOWN ibm-sam-cve20146080-sql-injection(95767) Source: XF Type: UNKNOWN ibm-sam-cve20146080-sql-injection(95767) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |