CVE-2014-6078
https://notcve.org/view.php?id=CVE-2014-6078
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which makes it easier for remote attackers to obtain admin access via a brute-force attack. IBM Security Access Manager for Mobile 8.x anterior a 8.0.1 y Security Access Manager for Web 7.x anterior a 7.0.0 FP10 y 8.x anterior a 8.0.1 no tiene un periodo de bloqueo tras intentos fallidos de login, esto provoca que sea fácil para atacantes remotos obtener acceso de administrador mediante un ataque de fuerza bruta. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358 http://www-01.ibm.com/support/docview.wss?uid=swg1IV67581 http://www-01.ibm.com/support/docview.wss?uid=swg21684475 https://exchange.xforce.ibmcloud.com/vulnerabilities/95762 • CWE-284: Improper Access Control •
CVE-2014-6086
https://notcve.org/view.php?id=CVE-2014-6086
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not ensure that HTTPS is used, which allows remote attackers to obtain sensitive information by sniffing the network during an HTTP session. IBM Security Access Manager for Mobile 8.x anterior a 8.0.1 y Security Access Manager for Web 7.x anterior a 7.0.0 FP10 y 8.x anterior a 8.0.1 no asegura que se utilice HTTPS, lo que permite a atacantes remotos obtener información sensible al capturar el tráfico de red durante una sesión HTTP. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358 http://www-01.ibm.com/support/docview.wss?uid=swg1IV67581 http://www-01.ibm.com/support/docview.wss?uid=swg21684475 https://exchange.xforce.ibmcloud.com/vulnerabilities/95813 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-6089
https://notcve.org/view.php?id=CVE-2014-6089
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service (disrupted system operations) by uploading a file to a protected area. IBM Security Access Manager for Mobile 8.x anterior a 8.0.1 y Security Access Manager for Web 7.x anterior a 7.0.0 FP10 y 8.x anterior a 8.0.1 permite a usuarios remotos autenticados provocar una denegación de servicio (interrupción de operaciones del sistema) al subir un archivo a una área protegida. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358 http://www-01.ibm.com/support/docview.wss?uid=swg1IV67581 http://www-01.ibm.com/support/docview.wss?uid=swg21684475 https://exchange.xforce.ibmcloud.com/vulnerabilities/95860 • CWE-19: Data Processing Errors •
CVE-2014-6080
https://notcve.org/view.php?id=CVE-2014-6080
SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en IBM Security Access Manager for Mobile 8.x anterior a 8.0.1 y Security Access Manager for Web 7.x anterior a 7.0.0 FP10 y 8.x anterior a 8.0.1 permite a usuarios remotos autenticados, ejecutar sentencias SQL arbitrarias mediante vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358 http://www-01.ibm.com/support/docview.wss?uid=swg1IV67581 http://www-01.ibm.com/support/docview.wss?uid=swg21684475 https://exchange.xforce.ibmcloud.com/vulnerabilities/95767 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2014-6077
https://notcve.org/view.php?id=CVE-2014-6077
Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. Vulnerabilidad de CSRF en IBM Security Access Manager for Mobile 8.x anterior a 8.0.1 y Security Access Manager for Web 7.x anterior a 7.0.0 FP10 y 8.x anterior a 8.0.1 permite a atacantes remotos a robar la autenticación de usuarios arbitrarios de peticiones insertadas en secuencias XSS. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358 http://www-01.ibm.com/support/docview.wss?uid=swg1IV67581 http://www-01.ibm.com/support/docview.wss?uid=swg21684475 https://exchange.xforce.ibmcloud.com/vulnerabilities/95730 • CWE-352: Cross-Site Request Forgery (CSRF) •