CVE-2014-6086

medium

Description

IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not ensure that HTTPS is used, which allows remote attackers to obtain sensitive information by sniffing the network during an HTTP session.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/95813

http://www-01.ibm.com/support/docview.wss?uid=swg21684475

http://www-01.ibm.com/support/docview.wss?uid=swg1IV67581

http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358

Details

Source: Mitre, NVD

Published: 2014-12-18

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00264