CVE-2014-4809 : The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WG

The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a denial of service (component hang) via unspecified vectors.

Published 2014-10-03 01:55:07

Updated 2017-08-29 01:35:08

Source IBM Corporation

View at NVD, CVE.org

Vulnerability category: Denial of service

Exploit prediction scoring system (EPSS) score for CVE-2014-4809

Probability of exploitation activity in the next 30 days: 0.74%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 78 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-4809

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.1	HIGH	AV:N/AC:M/Au:N/C:N/I:N/A:C	8.6	6.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

References for CVE-2014-4809

https://exchange.xforce.ibmcloud.com/vulnerabilities/95376

IBM Security Access Manager for Web denial of service CVE-2014-4809 Vulnerability Report
http://www-01.ibm.com/support/docview.wss?uid=swg21685246

IBM Security Bulletin: Denial of Service when using e-community single sign on in IBM Security Access Manager for Web (CVE-2014-4809)
Patch;Vendor Advisory

Products affected by CVE-2014-4809

IBM » Security Access Manager For Web Appliance » Version: 8.0
cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*
Matching versions
IBM » Security Access Manager For Web Appliance » Version: 7.0
cpe:2.3:h:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:*
Matching versions
IBM » Security Access Manager For Web 8.0 Firmware » Version: 8.0.0.2
cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Security Access Manager For Web 8.0 Firmware » Version: 8.0.0.3
cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Security Access Manager For Web 8.0 Firmware » Version: 8.0.0.4
cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.4:*:*:*:*:*:*:*
Matching versions
IBM » Security Access Manager For Web 7.0 Firmware » Version: 7.0.0.0
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Security Access Manager For Web 7.0 Firmware » Version: 7.0.0.7
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.7:*:*:*:*:*:*:*
Matching versions
IBM » Security Access Manager For Web 7.0 Firmware » Version: 7.0.0.8
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.8:*:*:*:*:*:*:*
Matching versions
IBM » Security Access Manager For Web 7.0 Firmware » Version: 7.0.0.3
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Security Access Manager For Web 7.0 Firmware » Version: 7.0.0.4
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.4:*:*:*:*:*:*:*
Matching versions
IBM » Security Access Manager For Web 7.0 Firmware » Version: 7.0.0.1
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Security Access Manager For Web 7.0 Firmware » Version: 7.0.0.2
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Security Access Manager For Web 7.0 Firmware » Version: 7.0.0.5
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.5:*:*:*:*:*:*:*
Matching versions
IBM » Security Access Manager For Web 7.0 Firmware » Version: 7.0.0.6
cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.6:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2014-4809

Exploit prediction scoring system (EPSS) score for CVE-2014-4809

CVSS scores for CVE-2014-4809

References for CVE-2014-4809

Products affected by CVE-2014-4809