VIR Vulnerability Intelligence Relay

CVE-2014-6106

high
Published 2017-09-18 · Modified 2026-05-13
CVSS v3
8.8
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v2
6.8
VIR risk
8.8

Description

Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via unknown vectors.

Predictions

Exploit likelihood
92%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — https://www-01.ibm.com/support/docview.wss?uid=swg21698020

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — https://exchange.xforce.ibmcloud.com/vulnerabilities/96145

Application impact
VendorProductVersionsFixed
ibmsecurity_identity_manager5.1.0
ibmsecurity_identity_manager5.1.0.3
ibmsecurity_identity_manager5.1.0.4
ibmsecurity_identity_manager5.1.0.5
ibmsecurity_identity_manager5.1.0.6
ibmsecurity_identity_manager5.1.0.7
ibmsecurity_identity_manager5.1.0.8
ibmsecurity_identity_manager5.1.0.9
ibmsecurity_identity_manager5.1.0.10
ibmsecurity_identity_manager5.1.0.11
ibmsecurity_identity_manager5.1.0.12
ibmsecurity_identity_manager5.1.0.13
ibmsecurity_identity_manager5.1.0.14
ibmsecurity_identity_manager5.1.0.15
ibmsecurity_identity_manager6.0.0.0
ibmsecurity_identity_manager6.0.0.1
ibmsecurity_identity_manager6.0.0.2
ibmsecurity_identity_manager6.0.0.3
ibmsecurity_identity_manager6.0.0.4
ibmsecurity_identity_manager7.0.0.0

References

CWEs

CWE-352

Verify integrity in audit chain (admin only). AS-IS.