SQL Injection in Ibm Security_access_manager_for_mobile
CVE-2014-6080
SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users to execute arbitrary SQL commands via u…
Vulnerability class: SQL Injection
EPSS: 0.003 (51.5th percentile) — read the EPSS interpretation.
Affected products
- Ibm Security_access_manager_for_mobile — versions 8.0
- Ibm Security_access_manager_for_web — versions 7.0, 8.0
- N/a — versions n/a
Weakness classification (CWE)
References
- psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
- IV67358 (vendor-advisory, x_refsource_AIXAPAR)
- IV67581 (vendor-advisory, x_refsource_AIXAPAR)
- ibm-sam-cve20146080-sql-injection(95767) (vdb-entry, x_refsource_XF)