Information Disclosure Vulnerability in IBM Security Access Manager Products
CVE-2014-6086

Currently unrated

Key Information:

Vendor: IBM
Status: Security Access Manager For Mobile
Vendor: CVE Published:; 18 December 2014

Summary

IBM Security Access Manager for Mobile and Web prior to specified versions lack proper enforcement of HTTPS protocols. This oversight permits remote adversaries to intercept sensitive information during an unencrypted HTTP session, increasing the risk of data exposure and potential unauthorized access. Organizations using these affected products should prioritize updating to the latest versions to mitigate the risk of such vulnerabilities.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21684475

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/95813

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
Dec 18, 2014
Vulnerability Reserved
Sep 2, 2014