Vulnerability Details CVE-2014-6078
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which makes it easier for remote attackers to obtain admin access via a brute-force attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.7%
CVSS Severity
CVSS v2 Score 5.0
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV67581
- http://www-01.ibm.com/support/docview.wss?uid=swg21684475
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95762
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV67581
- http://www-01.ibm.com/support/docview.wss?uid=swg21684475
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95762
Products affected by CVE-2014-6078
-
cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0
-
cpe:2.3:a:ibm:security_access_manager_for_web:7.0
-
cpe:2.3:a:ibm:security_access_manager_for_web:8.0