Boletines de Vulnerabilidades

IBM Security Bulletin: IBM Security Access Manager for Mobile and IBM Security Access Manager for Web appliances - LMI Authentication Bypass (CVE-2014-3053)

Información sobre el sistema
   
Software afectado IBM

Descripción
An undisclosed vulnerability can allow unauthorized users to login to the Local Management Interface of the IBM Security Access Manager for Mobile appliance / IBM Security Access Manager for Web appliance with invalid credentials. CVE(s): CVE-2014-3053 Affected product(s) and affected version(s): IBM Security Access Manager for Mobile version 8.0 - firmware versions 8.0.0.0, 8.0.0.3 IBM Security Access Manager for Web version 7.0 appliance - all firmware versions IBM Security Access

More info:

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_security_access_manager_for_mobile_and_ibm_security_access_manager_for_web_appliances_lmi_authentication_bypass_cve_2014_3053?lang=en_us

Identificadores estándar
Propiedad Valor
CVE CVE-2014-3053 ,CVE-2014-2398 ,CVE-2014-0453 ,CVE-2014-2414 ,CVE-2014-0114 and CVE-2010-5107.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2014-06-21

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT