Cross-Site Scripting Vulnerability in IBM Security Access Manager for Web and Mobile
CVE-2014-6079

Currently unrated

Key Information:

Vendor: IBM
Status: Security Access Manager For Mobile 8.0 Firmware; Security Access Manager For Mobile Appliance
Vendor: CVE Published:; 3 October 2014

Summary

The Local Management Interface of IBM Security Access Manager for Web and Mobile has a Cross-Site Scripting vulnerability that allows remote attackers to execute arbitrary web scripts or HTML through specially crafted URLs. This flaw impacts various versions of the product, which can result in unauthorized actions being performed on behalf of users, potentially compromising sensitive information and user accounts.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21684466

x_refsource_CONFIRM

http://www.securityfocus.com/bid/70197

vdb-entryx_refsource_BID

http://www-01.ibm.com/support/docview.wss?uid=swg1IV64919

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
Oct 3, 2014
Vulnerability Reserved
Sep 2, 2014