What is the severity of CVE-2014-6106?

CVE-2014-6106 is considered a medium to high severity vulnerability due to its potential for exploitation via cross-site request forgery.

How do I fix CVE-2014-6106?

To fix CVE-2014-6106, update your IBM Security Identity Manager to the latest patched version available from IBM.

What versions of IBM Security Identity Manager are affected by CVE-2014-6106?

CVE-2014-6106 affects IBM Security Identity Manager versions 5.1, 6.0, and 7.0.

What impacts can result from exploitations of CVE-2014-6106?

Exploitation of CVE-2014-6106 can lead to user authentication hijacking, cross-site scripting attacks, and web cache poisoning.

Is there a workaround for CVE-2014-6106?

While updating is recommended, implementing additional CSRF protections like anti-CSRF tokens can serve as a temporary workaround for CVE-2014-6106.

Vulnerability/
CVE-2014-6106

high

8.8

CWE

352

18/9/2017

6/8/2024

CVE-2014-6106: CSRF

First published: Mon Sep 18 2017(Updated: )

Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via unknown vectors.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Security Identity Manager	=5.1.0
IBM Security Identity Manager	=5.1.0.3
IBM Security Identity Manager	=5.1.0.4
IBM Security Identity Manager	=5.1.0.5
IBM Security Identity Manager	=5.1.0.6
IBM Security Identity Manager	=5.1.0.7
IBM Security Identity Manager	=5.1.0.8
IBM Security Identity Manager	=5.1.0.9
IBM Security Identity Manager	=5.1.0.10
IBM Security Identity Manager	=5.1.0.11
IBM Security Identity Manager	=5.1.0.12
IBM Security Identity Manager	=5.1.0.13
IBM Security Identity Manager	=5.1.0.14
IBM Security Identity Manager	=5.1.0.15
IBM Security Identity Manager	=6.0.0.0
IBM Security Identity Manager	=6.0.0.1
IBM Security Identity Manager	=6.0.0.2
IBM Security Identity Manager	=6.0.0.3
IBM Security Identity Manager	=6.0.0.4
IBM Security Identity Manager	=7.0.0.0

Remedy

https://www-01.ibm.com/support/docview.wss?uid=swg21698020

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-6106?
CVE-2014-6106 is considered a medium to high severity vulnerability due to its potential for exploitation via cross-site request forgery.
How do I fix CVE-2014-6106?
To fix CVE-2014-6106, update your IBM Security Identity Manager to the latest patched version available from IBM.
What versions of IBM Security Identity Manager are affected by CVE-2014-6106?
CVE-2014-6106 affects IBM Security Identity Manager versions 5.1, 6.0, and 7.0.
What impacts can result from exploitations of CVE-2014-6106?
Exploitation of CVE-2014-6106 can lead to user authentication hijacking, cross-site scripting attacks, and web cache poisoning.
Is there a workaround for CVE-2014-6106?
While updating is recommended, implementing additional CSRF protections like anti-CSRF tokens can serve as a temporary workaround for CVE-2014-6106.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/remedy
agent/author
agent/severity
agent/references
agent/weakness
agent/last-modified-date
agent/tags
agent/description
agent/first-publish-date
agent/event
agent/source
vendor/ibm
canonical/ibm security identity manager
version/ibm security identity manager/5.1.0
version/ibm security identity manager/5.1.0.3
version/ibm security identity manager/5.1.0.4
version/ibm security identity manager/5.1.0.5
version/ibm security identity manager/5.1.0.6
version/ibm security identity manager/5.1.0.7
version/ibm security identity manager/5.1.0.8
version/ibm security identity manager/5.1.0.9
version/ibm security identity manager/5.1.0.10
version/ibm security identity manager/5.1.0.11
version/ibm security identity manager/5.1.0.12
version/ibm security identity manager/5.1.0.13
version/ibm security identity manager/5.1.0.14
version/ibm security identity manager/5.1.0.15
version/ibm security identity manager/6.0.0.0
version/ibm security identity manager/6.0.0.1
version/ibm security identity manager/6.0.0.2
version/ibm security identity manager/6.0.0.3
version/ibm security identity manager/6.0.0.4
version/ibm security identity manager/7.0.0.0