XSS in Ibm Security_access_manager_for_mobile_8.0_firmware

CVE-2014-6079

Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.005 (64.1th percentile) — read the EPSS interpretation.

Affected products

Ibm Security_access_manager_for_mobile_8.0_firmware — versions 8.0.0.0, 8.0.0.1, 8.0.0.3
Ibm Security_access_manager_for_mobile_appliance — versions 8.0
Ibm Security_access_manager_for_web_7.0_firmware — versions 7.0.0.0, 7.0.0.1, 7.0.0.2
Ibm Security_access_manager_for_web_8.0_firmware — versions 8.0.0.2, 8.0.0.3, 8.0.0.4
Ibm Security_access_manager_for_web_appliance — versions 7.0, 8.0
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

psirt@us.ibm.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
70197 (vdb-entry, x_refsource_BID)
IV64919 (vendor-advisory, x_refsource_AIXAPAR)
ibm-sam-cve20146079-xss(95763) (vdb-entry, x_refsource_XF)
61294 (x_refsource_SECUNIA, third-party-advisory)
61278 (x_refsource_SECUNIA, third-party-advisory)
IV64910 (vendor-advisory, x_refsource_AIXAPAR)
psirt@us.ibm.com (x_refsource_CONFIRM)