CVE-2014-6164

IBM Websphere Application Server - Information Disclosure

Title source: rule
STIX 2.1

Description

IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.4 allows remote attackers to spoof OpenID and OpenID Connect cookies, and consequently obtain sensitive information, via a crafted URL.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/97713
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21690185
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PI23430

Scores

EPSS 0.0209
EPSS Percentile 79.4%

Details

CWE
CWE-200
Status published
Products (17)
ibm/websphere_application_server 8.0.0.0
ibm/websphere_application_server 8.0.0.1
ibm/websphere_application_server 8.0.0.2
ibm/websphere_application_server 8.0.0.3
ibm/websphere_application_server 8.0.0.4
ibm/websphere_application_server 8.0.0.5
ibm/websphere_application_server 8.0.0.6
ibm/websphere_application_server 8.0.0.7
ibm/websphere_application_server 8.0.0.8
ibm/websphere_application_server 8.0.0.9
... and 7 more
Published Dec 18, 2014
Tracked Since Feb 18, 2026