CVE-2014-6107 - OpenCVE

IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Security Identity Manager

Configuration 1 [-]

OR	cpe:2.3:a:ibm:security_identity_manager:6.0.0.0:::::::*
	cpe:2.3:a:ibm:security_identity_manager:6.0.0.1:::::::*
	cpe:2.3:a:ibm:security_identity_manager:6.0.0.2:::::::*
	cpe:2.3:a:ibm:security_identity_manager:6.0.0.3:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/62363
http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496
http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624
http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635
http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637
http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642
http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645
http://www-01.ibm.com/support/docview.wss?uid=swg21689779
https://exchange.xforce.ibmcloud.com/vulnerabilities/96150

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2014-11-18T01:00:00

Updated: 2024-08-06T12:03:02.344Z

Reserved: 2014-09-02T00:00:00

Link: CVE-2014-6107

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-11-18T01:59:05.203

Modified: 2017-09-08T01:29:08.933

Link: CVE-2014-6107

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-11-13T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-07T15:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "IV66624", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"}, {"name": "IV66642", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"}, {"name": "ibm-sim-cve20146107-info-disc(96150)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96150"}, {"name": "IV66635", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"}, {"name": "IV66496", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"}, {"name": "62363", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62363"}, {"name": "IV66637", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"}, {"name": "IV66645", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-6107", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "IV66624", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"}, {"name": "IV66642", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"}, {"name": "ibm-sim-cve20146107-info-disc(96150)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96150"}, {"name": "IV66635", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"}, {"name": "IV66496", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"}, {"name": "62363", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62363"}, {"name": "IV66637", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"}, {"name": "IV66645", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T12:03:02.344Z"}, "title": "CVE Program Container", "references": [{"name": "IV66624", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"}, {"name": "IV66642", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"}, {"name": "ibm-sim-cve20146107-info-disc(96150)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96150"}, {"name": "IV66635", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"}, {"name": "IV66496", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"}, {"name": "62363", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62363"}, {"name": "IV66637", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"}, {"name": "IV66645", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-6107", "datePublished": "2014-11-18T01:00:00", "dateReserved": "2014-09-02T00:00:00", "dateUpdated": "2024-08-06T12:03:02.344Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4FB196B-1B0B-4B14-BC5C-1F804BBCCB90", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8E94338D-6115-4208-BB3F-9C36BF183B9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "49F2EB0F-1E41-4FD1-BD01-526CCEFF1292", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "597051D6-F2A8-4986-A523-A1807466C736", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session."}, {"lang": "es", "value": "IBM Security Identify Manager 6.x anterior a 6.0.0.3 IF14 permite a atacantes remotos obtener informaci\u00f3n sensible de cookies capturando el tr\u00e1fico de red durante una sesi\u00f3n HTTP."}], "id": "CVE-2014-6107", "lastModified": "2017-09-08T01:29:08.933", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-11-18T01:59:05.203", "references": [{"source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/62363"}, {"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"}, {"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"}, {"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"}, {"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"}, {"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"}, {"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96150"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}