CVE-2014-6078

IBM Security Access Manager for Mobile 8.x and Web 7.x-8.x - Improper Access Control

Description

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which makes it easier for remote attackers to obtain admin access via a brute-force attack.

References (4)

Core References
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21684475
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/95762
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IV67581

Scores

EPSS 0.0137
EPSS Percentile 68.6%

Details

CWE
CWE-284
Status published
Products (3)
ibm/security_access_manager_for_mobile 8.0
ibm/security_access_manager_for_web 7.0
ibm/security_access_manager_for_web 8.0
Published Dec 18, 2014
Tracked Since Feb 18, 2026