Vulnerability-Lookup

CVE-2014-4809 (GCVE-0-2014-4809)

Vulnerability from cvelistv5 – Published: 2014-10-03 01:00 – Updated: 2024-08-06 11:27

Summary

Severity ?

No CVSS data available.

CWE

Assigner

ibm

References

URL

Tags

	http://www-01.ibm.com/support/docview.wss?uid=swg…	x_refsource_CONFIRM
	http://secunia.com/advisories/61294	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www-01.ibm.com/support/docview.wss?uid=swg…	vendor-advisoryx_refsource_AIXAPAR

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:27:36.828Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685246"
          },
          {
            "name": "61294",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61294"
          },
          {
            "name": "ibm-sam-cve20144809-dos(95376)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95376"
          },
          {
            "name": "IV64915",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64915"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-09-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a denial of service (component hang) via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685246"
        },
        {
          "name": "61294",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61294"
        },
        {
          "name": "ibm-sam-cve20144809-dos(95376)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95376"
        },
        {
          "name": "IV64915",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64915"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-4809",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a denial of service (component hang) via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685246",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685246"
            },
            {
              "name": "61294",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61294"
            },
            {
              "name": "ibm-sam-cve20144809-dos(95376)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95376"
            },
            {
              "name": "IV64915",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64915"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-4809",
    "datePublished": "2014-10-03T01:00:00",
    "dateReserved": "2014-07-09T00:00:00",
    "dateUpdated": "2024-08-06T11:27:36.828Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-4809\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2014-10-03T01:55:07.237\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a denial of service (component hang) via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"El componente WebSEAL en IBM Security Access Manager for Web 7.x anterior a 7.0.0-ISS-WGA-IF0009 y 8.x anterior a 8.0.0-ISS-WGA-FP0005, cuando e-community SSO est\u00e1 habilitado, permite a atacantes remotos causar una denegaci\u00f3n de servicio (cuelgue del componente) a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:C\",\"baseScore\":7.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97E19969-DD73-42F2-9E91-504E1663B268\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9CC2E05-5179-4241-A710-E582510EEB0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EE7B275-7B8D-45F9-86A5-8F4A4484F2B5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C5EBB4D-36F8-453C-9D2C-A63490144596\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"842C3B2E-4807-4150-AD45-620ACC88423F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22433CE0-9772-48CE-8069-612FF3732C21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2569AA28-5C61-4BBD-A501-E1ACFA36837B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79AFD6BE-4ED1-4A9C-AF30-F083A7A4F418\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AB188A2-D7CE-4141-A55A-C074C84E366E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE776097-1DA4-4F27-8E96-61E3D9FFE8D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE4E5283-0FEE-4F37-9C41-FA695063FF79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39D9B9CF-5F3D-4CA3-87A0-AAE1BA5F09C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73EB6121-62CD-49FC-A1D2-5467B007253C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7844D23-8DAB-4A9A-B0D4-734DF8FBFE02\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/61294\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1IV64915\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21685246\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/95376\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://secunia.com/advisories/61294\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1IV64915\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21685246\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/95376\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-201410-0082

Vulnerability from variot - Updated: 2025-04-13 21:34

The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a denial of service (component hang) via unspecified vectors. IBM Security Access Manager for Web is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause CPU utilization to rapidly increase, leading to a denial-of-service condition. It provides user access management and Web application protection function. WebSEAL is one of the Web server components that provides authentication

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201410-0082",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "security access manager for web 8.0",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "security access manager for web 7.0",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "7.0.0.2"
      },
      {
        "model": "security access manager for web 7.0",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "7.0.0.6"
      },
      {
        "model": "security access manager for web 8.0",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "security access manager for web 7.0",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "7.0.0.4"
      },
      {
        "model": "security access manager for web 7.0",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "7.0.0.3"
      },
      {
        "model": "security access manager for web 7.0",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "security access manager for web 7.0",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "7.0.0.1"
      },
      {
        "model": "security access manager for web 7.0",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "7.0.0.5"
      },
      {
        "model": "security access manager for web 8.0",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "security access manager for web appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "security access manager for web 7.0",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.0.0.7"
      },
      {
        "model": "security access manager for web appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "security access manager for web 7.0",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.0.0.8"
      },
      {
        "model": "security access manager for web software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "8.0.0-iss-wga-fp0005"
      },
      {
        "model": "security access manager for web software",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.x"
      },
      {
        "model": "security access manager for web software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.0.0-iss-wga-if0009"
      },
      {
        "model": "security access manager for web software",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "8.x"
      },
      {
        "model": "security access manager for web the appliance",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.8"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.7"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.6"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.5"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.4"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.3"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.2"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.1"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "70283"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004510"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-055"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4809"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:ibm:security_access_manager_for_web_appliance",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:ibm:security_access_manager_for_web_software",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004510"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM",
    "sources": [
      {
        "db": "BID",
        "id": "70283"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-4809",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2014-4809",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-72750",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-4809",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-4809",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201410-055",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-72750",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-72750"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004510"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-055"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4809"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a denial of service (component hang) via unspecified vectors. IBM Security Access Manager for Web is prone to a remote  denial-of-service vulnerability. \nAn attacker can exploit this issue to cause CPU utilization to rapidly  increase, leading to a denial-of-service condition. It provides user access management and Web application protection function. WebSEAL is one of the Web server components that provides authentication",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-4809"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004510"
      },
      {
        "db": "BID",
        "id": "70283"
      },
      {
        "db": "VULHUB",
        "id": "VHN-72750"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-4809",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "61294",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004510",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-055",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "95376",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "70283",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-72750",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-72750"
      },
      {
        "db": "BID",
        "id": "70283"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004510"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-055"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4809"
      }
    ]
  },
  "id": "VAR-201410-0082",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-72750"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-13T21:34:26.122000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "1685246",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685246"
      },
      {
        "title": "8.0.0-ISS-WGA-FP0005",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54168"
      },
      {
        "title": "8.0.0-ISS-WGA-FP0005",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54167"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004510"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-055"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-4809"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685246"
      },
      {
        "trust": 1.1,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iv64915"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61294"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95376"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4809"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4809"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/95376"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www-03.ibm.com/software/products/en/access-mgr-web"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-72750"
      },
      {
        "db": "BID",
        "id": "70283"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004510"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-055"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4809"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-72750"
      },
      {
        "db": "BID",
        "id": "70283"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004510"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-055"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4809"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-72750"
      },
      {
        "date": "2014-09-29T00:00:00",
        "db": "BID",
        "id": "70283"
      },
      {
        "date": "2014-10-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-004510"
      },
      {
        "date": "2014-10-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201410-055"
      },
      {
        "date": "2014-10-03T01:55:07.237000",
        "db": "NVD",
        "id": "CVE-2014-4809"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-72750"
      },
      {
        "date": "2014-09-29T00:00:00",
        "db": "BID",
        "id": "70283"
      },
      {
        "date": "2014-10-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-004510"
      },
      {
        "date": "2014-10-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201410-055"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2014-4809"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-055"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM Security Access Manager for Web of  WebSEAL In the component Service operation interruption  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004510"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-055"
      }
    ],
    "trust": 0.6
  }
}

GHSA-72QR-F4WF-PGVP

Vulnerability from github – Published: 2022-05-17 01:23 – Updated: 2022-05-17 01:23

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-4809"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-10-03T01:55:00Z",
    "severity": "HIGH"
  },
  "details": "The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a denial of service (component hang) via unspecified vectors.",
  "id": "GHSA-72qr-f4wf-pgvp",
  "modified": "2022-05-17T01:23:16Z",
  "published": "2022-05-17T01:23:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4809"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95376"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/61294"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64915"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685246"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2014-4809

Vulnerability from fkie_nvd - Published: 2014-10-03 01:55 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
psirt@us.ibm.com	http://secunia.com/advisories/61294
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg1IV64915
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21685246	Patch, Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/95376
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/61294
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg1IV64915
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21685246	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/95376

Impacted products

Vendor	Product	Version
ibm	security_access_manager_for_web_8.0_firmware	8.0.0.2
ibm	security_access_manager_for_web_8.0_firmware	8.0.0.3
ibm	security_access_manager_for_web_8.0_firmware	8.0.0.4
ibm	security_access_manager_for_web_appliance	8.0
ibm	security_access_manager_for_web_7.0_firmware	7.0.0.0
ibm	security_access_manager_for_web_7.0_firmware	7.0.0.1
ibm	security_access_manager_for_web_7.0_firmware	7.0.0.2
ibm	security_access_manager_for_web_7.0_firmware	7.0.0.3
ibm	security_access_manager_for_web_7.0_firmware	7.0.0.4
ibm	security_access_manager_for_web_7.0_firmware	7.0.0.5
ibm	security_access_manager_for_web_7.0_firmware	7.0.0.6
ibm	security_access_manager_for_web_7.0_firmware	7.0.0.7
ibm	security_access_manager_for_web_7.0_firmware	7.0.0.8
ibm	security_access_manager_for_web_appliance	7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "97E19969-DD73-42F2-9E91-504E1663B268",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9CC2E05-5179-4241-A710-E582510EEB0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EE7B275-7B8D-45F9-86A5-8F4A4484F2B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C5EBB4D-36F8-453C-9D2C-A63490144596",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "842C3B2E-4807-4150-AD45-620ACC88423F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "22433CE0-9772-48CE-8069-612FF3732C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2569AA28-5C61-4BBD-A501-E1ACFA36837B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "79AFD6BE-4ED1-4A9C-AF30-F083A7A4F418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AB188A2-D7CE-4141-A55A-C074C84E366E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE776097-1DA4-4F27-8E96-61E3D9FFE8D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4E5283-0FEE-4F37-9C41-FA695063FF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "39D9B9CF-5F3D-4CA3-87A0-AAE1BA5F09C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "73EB6121-62CD-49FC-A1D2-5467B007253C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7844D23-8DAB-4A9A-B0D4-734DF8FBFE02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a denial of service (component hang) via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "El componente WebSEAL en IBM Security Access Manager for Web 7.x anterior a 7.0.0-ISS-WGA-IF0009 y 8.x anterior a 8.0.0-ISS-WGA-FP0005, cuando e-community SSO est\u00e1 habilitado, permite a atacantes remotos causar una denegaci\u00f3n de servicio (cuelgue del componente) a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2014-4809",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-10-03T01:55:07.237",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/61294"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64915"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685246"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95376"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/61294"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64915"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685246"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95376"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2014-4809

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-4809

Aliases

CVE-2014-4809

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-4809",
    "description": "The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a denial of service (component hang) via unspecified vectors.",
    "id": "GSD-2014-4809"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-4809"
      ],
      "details": "The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a denial of service (component hang) via unspecified vectors.",
      "id": "GSD-2014-4809",
      "modified": "2023-12-13T01:22:45.224136Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "ID": "CVE-2014-4809",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a denial of service (component hang) via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685246",
            "refsource": "CONFIRM",
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685246"
          },
          {
            "name": "61294",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/61294"
          },
          {
            "name": "ibm-sam-cve20144809-dos(95376)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95376"
          },
          {
            "name": "IV64915",
            "refsource": "AIXAPAR",
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64915"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-4809"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a denial of service (component hang) via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685246",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685246"
            },
            {
              "name": "IV64915",
              "refsource": "AIXAPAR",
              "tags": [],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV64915"
            },
            {
              "name": "61294",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/61294"
            },
            {
              "name": "ibm-sam-cve20144809-dos(95376)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95376"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-29T01:35Z",
      "publishedDate": "2014-10-03T01:55Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-4809 (GCVE-0-2014-4809)

VAR-201410-0082

GHSA-72QR-F4WF-PGVP

FKIE_CVE-2014-4809

GSD-2014-4809

Tags

Sightings

Nomenclature