CVE-2014-3053

IBM Security Access Manager for Web 8.0 Firmware 8.0.0.0-8.0.0.3 - Authentication Bypass via Local Management Interface

Title source: llm

Description

The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials.

References (7)

Core 7

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/93501

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/59381

Various Sources vendor-advisory x_refsource_aixapar

http://www-01.ibm.com/support/docview.wss?uid=swg1IV61557

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/59438

Vendor Advisory x_refsource_confirm

http://www-01.ibm.com/support/docview.wss?uid=swg21676700

Various Sources x_refsource_confirm

http://www-01.ibm.com/support/docview.wss?uid=swg21676389

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/68132

Scores

EPSS 0.0137

EPSS Percentile 68.5%

Details

CWE

CWE-287

Status published

Products (8)

ibm/security_access_manager_for_mobile_appliance 8.0

ibm/security_access_manager_for_mobile_software 8.0

ibm/security_access_manager_for_web_8.0_firmware 8.0.0.2

ibm/security_access_manager_for_web_8.0_firmware 8.0.0.3

ibm/security_access_manager_for_web_appliance 8.0

ibm/security_access_manager_for_web_appliance 7.0

ibm/security_access_manager_for_web_software 7.0

ibm/security_access_manager_for_web_software 8.0

Published Jun 21, 2014

Tracked Since Feb 18, 2026