CVE-2014-6092

Current Description

IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause a denial of service (web-service outage) by making many login attempts with a valid caseworker account name.

Basic Data

Published: April 27, 2015
Last Modified: April 27, 2015
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-17
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 5.0
Severity: MEDIUM
Exploitability Score: 10.0
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1

    Cpe Version | Part        | Vendor | Product                         | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3         | Application | Ibm    | Curam Social Program Management | *       | sp6    | *       | *        | *          | *         | *         | *     |                         | 5.2                   |                         |
    2.3         | Application | Ibm    | Curam Social Program Management | 6.0.4.0 | *      | *       | *        | *          | *         | *         | *     |                         |                       |                         |
    2.3         | Application | Ibm    | Curam Social Program Management | 6.0.4.1 | *      | *       | *        | *          | *         | *         | *     |                         |                       |                         |
    2.3         | Application | Ibm    | Curam Social Program Management | 6.0.4.2 | *      | *       | *        | *          | *         | *         | *     |                         |                       |                         |
    2.3         | Application | Ibm    | Curam Social Program Management | 6.0.4.3 | *      | *       | *        | *          | *         | *         | *     |                         |                       |                         |
    2.3         | Application | Ibm    | Curam Social Program Management | 6.0.4.4 | *      | *       | *        | *          | *         | *         | *     |                         |                       |                         |
    2.3         | Application | Ibm    | Curam Social Program Management | 6.0.4.5 | *      | *       | *        | *          | *         | *         | *     |                         |                       |                         |
    2.3         | Application | Ibm    | Curam Social Program Management | 6.0.5.0 | *      | *       | *        | *          | *         | *         | *     |                         |                       |                         |
    2.3         | Application | Ibm    | Curam Social Program Management | 6.0.5.1 | *      | *       | *        | *          | *         | *         | *     |                         |                       |                         |
    2.3         | Application | Ibm    | Curam Social Program Management | 6.0.5.2 | *      | *       | *        | *          | *         | *         | *     |                         |                       |                         |
    2.3         | Application | Ibm    | Curam Social Program Management | 6.0.5.3 | *      | *       | *        | *          | *         | *         | *     |                         |                       |                         |
    2.3         | Application | Ibm    | Curam Social Program Management | 6.0.5.4 | *      | *       | *        | *          | *         | *         | *     |                         |                       |                         |
    2.3         | Application | Ibm    | Curam Social Program Management | 6.0.5.5 | *      | *       | *        | *          | *         | *         | *     |                         |                       |                         |

Vulnerable Software List

Vendor | Product                         | Versions
Ibm    | Curam Social Program Management | *, 6.0.4.0, 6.0.4.1, 6.0.4.2, 6.0.4.3, 6.0.4.4, 6.0.4.5, 6.0.5.0, 6.0.5.1, 6.0.5.2, 6.0.5.3, 6.0.5.4, 6.0.5.5

References

Name                                                      | Source  | URL                                                       | Tags
http://www-01.ibm.com/support/docview.wss?uid=swg21697742 | CONFIRM | http://www-01.ibm.com/support/docview.wss?uid=swg21697742 | PATCH, Vendor Advisory