CVE-2014-6083

{"id": "CVE-2014-6083", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-12-18T16:59:05.473", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV67581", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684475", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95810", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV67581", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684475", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95810", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session."}, {"lang": "es", "value": "IBM Security Access Manager for Mobile 8.x anterior a 8.0.1 y Security Access Manager for Web 7.x anterior a 7.0.0 FP10 y 8.x anterior a 8.0.1 permiten a atacantes remotos obtener informaci\u00f3n de cookies sensibles al capturar el tr\u00e1fico de red durante una sesi\u00f3n HTTP."}], "lastModified": "2024-11-21T02:13:44.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4133E7B3-02B3-44C8-BBD7-234E06C3EC70"}, {"criteria": "cpe:2.3:a:ibm:security_access_manager_for_web:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A4AD958-FDB2-4F63-AD4F-C88B33BFA692"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF1B0C02-D5D9-4F10-9120-C76D39D5C323"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}