CVE-2014-6168 : Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager

Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1 before 5.1.0.15 IF0056 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Published 2014-12-29 02:59:02

Updated 2025-04-12 10:46:41

Source IBM Corporation

View at NVD, CVE.org

Vulnerability category: Cross site scripting (XSS)Cross-site request forgery (CSRF)

Products affected by CVE-2014-6168

IBM » Security Identity Manager » Version: 5.1.0.8
cpe:2.3:a:ibm:security_identity_manager:5.1.0.8:*:*:*:*:*:*:*
Matching versions
IBM » Security Identity Manager » Version: 5.1.0.9
cpe:2.3:a:ibm:security_identity_manager:5.1.0.9:*:*:*:*:*:*:*
Matching versions
IBM » Security Identity Manager » Version: 5.1.0.6
cpe:2.3:a:ibm:security_identity_manager:5.1.0.6:*:*:*:*:*:*:*
Matching versions
IBM » Security Identity Manager » Version: 5.1.0.7
cpe:2.3:a:ibm:security_identity_manager:5.1.0.7:*:*:*:*:*:*:*
Matching versions
IBM » Security Identity Manager » Version: 5.1.0.14
cpe:2.3:a:ibm:security_identity_manager:5.1.0.14:*:*:*:*:*:*:*
Matching versions
IBM » Security Identity Manager » Version: 5.1.0.15
cpe:2.3:a:ibm:security_identity_manager:5.1.0.15:*:*:*:*:*:*:*
Matching versions
IBM » Security Identity Manager » Version: 5.1.0
cpe:2.3:a:ibm:security_identity_manager:5.1.0:*:*:*:*:*:*:*
Matching versions
IBM » Security Identity Manager » Version: 5.1.0.3
cpe:2.3:a:ibm:security_identity_manager:5.1.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Security Identity Manager » Version: 5.1.0.10
cpe:2.3:a:ibm:security_identity_manager:5.1.0.10:*:*:*:*:*:*:*
Matching versions
IBM » Security Identity Manager » Version: 5.1.0.11
cpe:2.3:a:ibm:security_identity_manager:5.1.0.11:*:*:*:*:*:*:*
Matching versions
IBM » Security Identity Manager » Version: 5.1.0.4
cpe:2.3:a:ibm:security_identity_manager:5.1.0.4:*:*:*:*:*:*:*
Matching versions
IBM » Security Identity Manager » Version: 5.1.0.5
cpe:2.3:a:ibm:security_identity_manager:5.1.0.5:*:*:*:*:*:*:*
Matching versions
IBM » Security Identity Manager » Version: 5.1.0.12
cpe:2.3:a:ibm:security_identity_manager:5.1.0.12:*:*:*:*:*:*:*
Matching versions
IBM » Security Identity Manager » Version: 5.1.0.13
cpe:2.3:a:ibm:security_identity_manager:5.1.0.13:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-6168

EPSS FAQ

0.09%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 22 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-6168

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.0	MEDIUM	AV:N/AC:M/Au:S/C:P/I:P/A:P	6.8	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2014-6168

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-6168

http://www-01.ibm.com/support/docview.wss?uid=swg21692907

IBM Security Bulletin:IBM Security Identity Manager is vulnerable to Cross-Site Request Forgery (CVE-2014-6168)
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/97752

IBM Security Identity Manager cross-site request forgery CVE-2014-6168 Vulnerability Report

Jump to

Vulnerability Details : CVE-2014-6168

Products affected by CVE-2014-6168

Exploit prediction scoring system (EPSS) score for CVE-2014-6168

CVSS scores for CVE-2014-6168

CWE ids for CVE-2014-6168

References for CVE-2014-6168