CVE-2014-6086

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not ensure that HTTPS is used, which allows remote attackers to obtain sensitive information by sniffing the network during an HTTP session.
Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:ibm:security_access_manager_for_web:7.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:security_access_manager_for_web:8.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-12-18 16:59

Updated : 2024-02-04 18:35


NVD link : CVE-2014-6086

Mitre link : CVE-2014-6086

CVE.ORG link : CVE-2014-6086


JSON object : View

Products Affected

ibm

  • security_access_manager_for_mobile
  • security_access_manager_for_web
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor