Vulnerability Name: | CVE-2014-6089 (CCN-95861) | ||||||||
Assigned: | 2014-12-12 | ||||||||
Published: | 2014-12-12 | ||||||||
Updated: | 2017-09-08 | ||||||||
Summary: | IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service (disrupted system operations) by uploading a file to a protected area. | ||||||||
CVSS v3 Severity: | 3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)
| ||||||||
CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P) 3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-19 | ||||||||
Vulnerability Consequences: | File Manipulation | ||||||||
References: | Source: MITRE Type: CNA CVE-2014-6089 Source: AIXAPAR Type: UNKNOWN IV67358 Source: AIXAPAR Type: UNKNOWN IV67581 Source: CCN Type: IBM Security Bulletin 1684475 Multiple vulnerabilities addressed in IBM Security Access Manager Source: CONFIRM Type: UNKNOWN http://www-01.ibm.com/support/docview.wss?uid=swg21684475 Source: XF Type: UNKNOWN ibm-sam-cve20146089-upload(95860) Source: XF Type: UNKNOWN ibm-sam-cve20146089-file-upload(95861) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |