Clickjacking Vulnerability in IBM Security Access Manager
CVE-2014-6076

Currently unrated

Key Information:

Vendor: IBM
Status: Security Access Manager For Mobile
Vendor: CVE Published:; 18 December 2014

What is CVE-2014-6076?

IBM Security Access Manager products have a vulnerability that allows remote attackers to perform clickjacking attacks through specially crafted web pages. This could lead to unauthorized actions being taken on behalf of unsuspecting users without their consent. The impacted versions include IBM Security Access Manager for Mobile 8.x prior to 8.0.1 and Security Access Manager for Web versions 7.x prior to 7.0.0 FP10 and 8.x prior to 8.0.1. It is essential to implement the recommended updates to defend against this risk.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21684475

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358

vendor-advisoryx_refsource_AIXAPAR

https://exchange.xforce.ibmcloud.com/vulnerabilities/95729

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 18, 2014
Vulnerability Reserved
Sep 2, 2014