OpenCVE

IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Security Identity Manager

Configuration 1 [-]

OR	cpe:2.3:a:ibm:security_identity_manager:6.0.0.0:::::::*
	cpe:2.3:a:ibm:security_identity_manager:6.0.0.1:::::::*
	cpe:2.3:a:ibm:security_identity_manager:6.0.0.2:::::::*
	cpe:2.3:a:ibm:security_identity_manager:6.0.0.3:::::::*

No data.

References

Link	Providers
http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496
http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624
http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635
http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637
http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642
http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645
http://www-01.ibm.com/support/docview.wss?uid=swg21689779
https://exchange.xforce.ibmcloud.com/vulnerabilities/96179

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2014-11-18T01:00:00

Updated: 2024-08-06T12:03:02.382Z

Reserved: 2014-09-02T00:00:00

Link: CVE-2014-6110

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-11-18T01:59:06.217

Modified: 2024-11-21T02:13:47.827

Link: CVE-2014-6110

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-11-13T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-07T15:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "IV66624", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"}, {"name": "IV66642", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"}, {"name": "IV66635", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"}, {"name": "IV66496", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"}, {"name": "ibm-sim-cve20146110-sec-bypass(96179)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96179"}, {"name": "IV66637", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"}, {"name": "IV66645", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-6110", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "IV66624", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"}, {"name": "IV66642", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"}, {"name": "IV66635", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"}, {"name": "IV66496", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"}, {"name": "ibm-sim-cve20146110-sec-bypass(96179)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96179"}, {"name": "IV66637", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"}, {"name": "IV66645", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T12:03:02.382Z"}, "title": "CVE Program Container", "references": [{"name": "IV66624", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"}, {"name": "IV66642", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"}, {"name": "IV66635", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"}, {"name": "IV66496", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"}, {"name": "ibm-sim-cve20146110-sec-bypass(96179)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96179"}, {"name": "IV66637", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"}, {"name": "IV66645", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-6110", "datePublished": "2014-11-18T01:00:00", "dateReserved": "2014-09-02T00:00:00", "dateUpdated": "2024-08-06T12:03:02.382Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4FB196B-1B0B-4B14-BC5C-1F804BBCCB90", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8E94338D-6115-4208-BB3F-9C36BF183B9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "49F2EB0F-1E41-4FD1-BD01-526CCEFF1292", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:security_identity_manager:6.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "597051D6-F2A8-4986-A523-A1807466C736", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation."}, {"lang": "es", "value": "IBM Security Identify Manager 6.x anterior a 6.0.0.3 IF14 no realiza debidamente las acciones de cierre de sesi\u00f3n, lo que permite a atacantes remotos acceder a sesiones mediante el aprovechamiento de una estaci\u00f3n de trabajo desatendida."}], "id": "CVE-2014-6110", "lastModified": "2024-11-21T02:13:47.827", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-11-18T01:59:06.217", "references": [{"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"}, {"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"}, {"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"}, {"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"}, {"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"}, {"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96179"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96179"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}