What is the severity of CVE-2014-6092?

CVE-2014-6092 has a medium severity level due to its impact on failed-login handling for web-service accounts.

How do I fix CVE-2014-6092?

To fix CVE-2014-6092, update IBM Curam Social Program Management to version 6.0.5.6 or later.

What versions of IBM Curam Social Program Management are affected by CVE-2014-6092?

CVE-2014-6092 affects versions before SP6 EP6 for 5.2 and versions before EP26 for 6.0 SP2, including certain early 6.0.4 and 6.0.5 releases.

What are the risks associated with CVE-2014-6092?

The risks associated with CVE-2014-6092 include potential unauthorized access due to insufficient lockout policies for web-service accounts.

When was CVE-2014-6092 disclosed?

CVE-2014-6092 was disclosed in 2014, highlighting vulnerabilities in IBM Curam Social Program Management.

Vulnerability/
CVE-2014-6092

medium

CWE

27/4/2015

6/8/2024

CVE-2014-6092

First published: Mon Apr 27 2015(Updated: )

IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause a denial of service (web-service outage) by making many login attempts with a valid caseworker account name.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Curam Social Program Management	<=5.2
IBM Curam Social Program Management	=6.0.4.0
IBM Curam Social Program Management	=6.0.4.1
IBM Curam Social Program Management	=6.0.4.2
IBM Curam Social Program Management	=6.0.4.3
IBM Curam Social Program Management	=6.0.4.4
IBM Curam Social Program Management	=6.0.4.5
IBM Curam Social Program Management	=6.0.5.0
IBM Curam Social Program Management	=6.0.5.1
IBM Curam Social Program Management	=6.0.5.2
IBM Curam Social Program Management	=6.0.5.3
IBM Curam Social Program Management	=6.0.5.4
IBM Curam Social Program Management	=6.0.5.5

Remedy

http://www-01.ibm.com/support/docview.wss?uid=swg21697742

Never miss a vulnerability like this again

Reference Links

http://www-01.ibm.com/support/docview.wss?uid=swg21697742

Frequently Asked Questions

What is the severity of CVE-2014-6092?
CVE-2014-6092 has a medium severity level due to its impact on failed-login handling for web-service accounts.
How do I fix CVE-2014-6092?
To fix CVE-2014-6092, update IBM Curam Social Program Management to version 6.0.5.6 or later.
What versions of IBM Curam Social Program Management are affected by CVE-2014-6092?
CVE-2014-6092 affects versions before SP6 EP6 for 5.2 and versions before EP26 for 6.0 SP2, including certain early 6.0.4 and 6.0.5 releases.
What are the risks associated with CVE-2014-6092?
The risks associated with CVE-2014-6092 include potential unauthorized access due to insufficient lockout policies for web-service accounts.
When was CVE-2014-6092 disclosed?
CVE-2014-6092 was disclosed in 2014, highlighting vulnerabilities in IBM Curam Social Program Management.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/remedy
agent/author
agent/severity
agent/references
agent/weakness
agent/last-modified-date
agent/tags
agent/description
agent/first-publish-date
agent/event
agent/source
vendor/ibm
canonical/ibm curam social program management
version/ibm curam social program management/5.2
version/ibm curam social program management/6.0.4.0
version/ibm curam social program management/6.0.4.1
version/ibm curam social program management/6.0.4.2
version/ibm curam social program management/6.0.4.3
version/ibm curam social program management/6.0.4.4
version/ibm curam social program management/6.0.4.5
version/ibm curam social program management/6.0.5.0
version/ibm curam social program management/6.0.5.1
version/ibm curam social program management/6.0.5.2
version/ibm curam social program management/6.0.5.3
version/ibm curam social program management/6.0.5.4
version/ibm curam social program management/6.0.5.5

Frequently Asked Questions

What is the severity of CVE-2014-6092?
CVE-2014-6092 has a medium severity level due to its impact on failed-login handling for web-service accounts.
How do I fix CVE-2014-6092?
To fix CVE-2014-6092, update IBM Curam Social Program Management to version 6.0.5.6 or later.
What versions of IBM Curam Social Program Management are affected by CVE-2014-6092?
CVE-2014-6092 affects versions before SP6 EP6 for 5.2 and versions before EP26 for 6.0 SP2, including certain early 6.0.4 and 6.0.5 releases.
What are the risks associated with CVE-2014-6092?
The risks associated with CVE-2014-6092 include potential unauthorized access due to insufficient lockout policies for web-service accounts.
When was CVE-2014-6092 disclosed?
CVE-2014-6092 was disclosed in 2014, highlighting vulnerabilities in IBM Curam Social Program Management.

CVE-2014-6092

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-6092?

How do I fix CVE-2014-6092?

What versions of IBM Curam Social Program Management are affected by CVE-2014-6092?

What are the risks associated with CVE-2014-6092?

When was CVE-2014-6092 disclosed?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2014-6092?

How do I fix CVE-2014-6092?

What versions of IBM Curam Social Program Management are affected by CVE-2014-6092?

What are the risks associated with CVE-2014-6092?

When was CVE-2014-6092 disclosed?