Cross-Site Request Forgery Vulnerability in IBM Security Access Manager
CVE-2014-6077

Currently unrated

Key Information:

Vendor: IBM
Status: Security Access Manager For Web
Vendor: CVE Published:; 18 December 2014

Summary

This vulnerability in IBM Security Access Manager for Mobile and Web allows remote attackers to execute unauthorized actions on behalf of legitimate users. Specifically, it facilitates the hijacking of user authentication, enabling attackers to insert malicious XSS sequences into requests. This can compromise sensitive user data and integrity of the web application, highlighting the importance of implementing proper security measures to mitigate such risks.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21684475

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358

vendor-advisoryx_refsource_AIXAPAR

https://exchange.xforce.ibmcloud.com/vulnerabilities/95730

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Dec 18, 2014
Vulnerability Reserved
Sep 2, 2014