SQL Injection Vulnerability in IBM Security Access Manager for Mobile and Web Products
CVE-2014-6080

Currently unrated

Key Information:

Vendor: IBM
Status: Security Access Manager For Mobile
Vendor: CVE Published:; 18 December 2014

Summary

An SQL injection vulnerability exists in IBM Security Access Manager for Mobile version 8.x prior to 8.0.1 and in Security Access Manager for Web version 7.x prior to 7.0.0 FP10, as well as version 8.x prior to 8.0.1. This flaw allows remote authenticated users to execute arbitrary SQL commands through unspecified access vectors, potentially compromising the integrity and confidentiality of sensitive data within the affected systems.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21684475

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg1IV67581

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
Dec 18, 2014
Vulnerability Reserved
Sep 2, 2014