Information Disclosure Vulnerability in IBM Security Access Manager Products
CVE-2014-6088

Currently unrated

Key Information:

Vendor: IBM
Status: Security Access Manager For Web
Vendor: CVE Published:; 18 December 2014

Summary

IBM Security Access Manager for Mobile and Web prior to specified versions are susceptible to an information disclosure vulnerability. Attackers can exploit this flaw by sniffing network traffic to capture sensitive data during the use of a null SSL cipher. The vulnerability highlights the importance of using strong encryption standards to protect data in transit.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21684475

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/95860

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
Dec 18, 2014
Vulnerability Reserved
Sep 2, 2014