CVE-2014-6092

IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause a denial of service (web-service outage) by making many login attempts with a valid caseworker account name.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:curam_social_program_management:*:sp6:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:6.0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:6.0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:6.0.4.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:6.0.4.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:6.0.4.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:6.0.4.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:6.0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:6.0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:6.0.5.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:6.0.5.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:6.0.5.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:curam_social_program_management:6.0.5.5:*:*:*:*:*:*:*

History

21 Nov 2024, 02:13

Type Values Removed Values Added
References () http://www-01.ibm.com/support/docview.wss?uid=swg21697742 - Patch, Vendor Advisory () http://www-01.ibm.com/support/docview.wss?uid=swg21697742 - Patch, Vendor Advisory

Information

Published : 2015-04-27 11:59

Updated : 2024-11-21 02:13


NVD link : CVE-2014-6092

Mitre link : CVE-2014-6092

CVE.ORG link : CVE-2014-6092


JSON object : View

Products Affected

ibm

  • curam_social_program_management
CWE
CWE-17

DEPRECATED: Code