Brute-force Vulnerability in IBM Security Access Manager Products
CVE-2014-6078

Currently unrated

Key Information:

Vendor: IBM
Status: Security Access Manager For Mobile
Vendor: CVE Published:; 18 December 2014

Summary

IBM Security Access Manager for Mobile and Web software products are susceptible to brute-force attacks due to insufficient security measures, such as a lack of account lockout mechanisms after repeated invalid login attempts. This weakness can potentially allow remote attackers to gain unauthorized administrative access, thus compromising the security of sensitive data and systems.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21684475

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358

vendor-advisoryx_refsource_AIXAPAR

https://exchange.xforce.ibmcloud.com/vulnerabilities/95762

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Dec 18, 2014
Vulnerability Reserved
Sep 2, 2014