CVE-2014-3060

critical

Description

Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network and capturing a session cookie.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/93534

http://www-01.ibm.com/support/docview.wss?uid=swg21685705

http://www-01.ibm.com/support/docview.wss?uid=swg1IT03476

Details

Source: Mitre, NVD

Published: 2014-10-02

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.02405