Auth bypass in Ibm Security_access_manager_for_mobile_appliance

CVE-2014-3053

The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers…

Vulnerability class: Broken Authentication

EPSS: 0.022 (84.7th percentile) — read the EPSS interpretation.

Affected products

Ibm Security_access_manager_for_mobile_appliance — versions 8.0
Ibm Security_access_manager_for_mobile_software — versions 8.0
Ibm Security_access_manager_for_web_8.0_firmware — versions 8.0.0.2, 8.0.0.3
Ibm Security_access_manager_for_web_appliance — versions 8.0, 7.0
Ibm Security_access_manager_for_web_software — versions 7.0, 8.0
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

ibm-isam-cve20143053-credentials(93501) (vdb-entry, x_refsource_XF)
59381 (x_refsource_SECUNIA, third-party-advisory)
IV61557 (vendor-advisory, x_refsource_AIXAPAR)
59438 (x_refsource_SECUNIA, third-party-advisory)
psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
psirt@us.ibm.com (x_refsource_CONFIRM)
68132 (vdb-entry, x_refsource_BID)