CVE-2014-3053

critical

Description

The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/93501

http://www.securityfocus.com/bid/68132

http://www-01.ibm.com/support/docview.wss?uid=swg21676700

http://www-01.ibm.com/support/docview.wss?uid=swg21676389

http://www-01.ibm.com/support/docview.wss?uid=swg1IV61557

http://secunia.com/advisories/59438

http://secunia.com/advisories/59381

Details

Source: Mitre, NVD

Published: 2014-06-21

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 8

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:P/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00783