CVE-2014-6078
IBM Security Access Manager for Mobile 8.x and Web 7.x-8.x - Improper Access Control
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which makes it easier for remote attackers to obtain admin access via a brute-force attack.
References (4)
Core References
Vendor Advisory (x_refsource_confirm): http://www-01.ibm.com/support/docview.wss?uid=swg21684475
Various Sources (vendor-advisory, x_refsource_aixapar): http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/95762
Various Sources (vendor-advisory, x_refsource_aixapar): http://www-01.ibm.com/support/docview.wss?uid=swg1IV67581
Scores
EPSS: 0.0137
EPSS Percentile: 68.6%
Details
CWE: CWE-284
Status: published
Products (3)
ibm/security_access_manager_for_mobile: 8.0
ibm/security_access_manager_for_web: 7.0
ibm/security_access_manager_for_web: 8.0
Published: Dec 18, 2014
Tracked Since: Feb 18, 2026