{"api_version":"1","generated_at":"2026-04-23T14:42:21+00:00","cve":"CVE-2014-3053","urls":{"html":"https://cve.report/CVE-2014-3053","api":"https://cve.report/api/cve/CVE-2014-3053.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-3053","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-3053"},"summary":{"title":"CVE-2014-3053","description":"The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials.","state":"PUBLIC","assigner":"psirt@us.ibm.com","published_at":"2014-06-21 15:55:00","updated_at":"2017-08-29 01:34:00"},"problem_types":["CWE-287"],"metrics":[],"references":[{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676700","name":"http://www-01.ibm.com/support/docview.wss?uid=swg21676700","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"IBM Security Bulletin: IBM Security Access Manager for Mobile and IBM Security Access Manager for Web appliances - LMI Authentication Bypass (CVE-2014-3053) - United States","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg1IV61557","name":"IV61557","refsource":"AIXAPAR","tags":[],"title":"IBM notice: The page you requested cannot be displayed","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"http://secunia.com/advisories/59438","name":"59438","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA59438 - IBM Security Access Manager for Web / Security Access Manager for Mobile Multiple Vulnerabilities - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/59381","name":"59381","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA59381 - IBM Security Privileged Identity Manager LMI Authentication Bypass Vulnerability - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/93501","name":"ibm-isam-cve20143053-credentials(93501)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/68132","name":"68132","refsource":"BID","tags":[],"title":"IBM Security Access Manager for Web and Mobile CVE-2014-3053 Authentication Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676389","name":"http://www-01.ibm.com/support/docview.wss?uid=swg21676389","refsource":"CONFIRM","tags":[],"title":"Security Bulletin: IBM Security Privileged Identity Manager virtual appliance - LMI Authentication Bypass (CVE-2014-3053)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-3053","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3053","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2014","cve_id":"3053","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"ibm","cpe5":"security_access_manager_for_mobile_appliance","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"3053","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"ibm","cpe5":"security_access_manager_for_mobile_appliance","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"3053","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"security_access_manager_for_mobile_software","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"3053","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"security_access_manager_for_mobile_software","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"3053","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ibm","cpe5":"security_access_manager_for_web_8.0_firmware","cpe6":"8.0.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"3053","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ibm","cpe5":"security_access_manager_for_web_8.0_firmware","cpe6":"8.0.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"3053","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ibm","cpe5":"security_access_manager_for_web_8.0_firmware","cpe6":"8.0.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"3053","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ibm","cpe5":"security_access_manager_for_web_8.0_firmware","cpe6":"8.0.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"3053","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"ibm","cpe5":"security_access_manager_for_web_appliance","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"3053","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"ibm","cpe5":"security_access_manager_for_web_appliance","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"3053","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"ibm","cpe5":"security_access_manager_for_web_appliance","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"3053","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"ibm","cpe5":"security_access_manager_for_web_appliance","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"3053","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"security_access_manager_for_web_software","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"3053","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"security_access_manager_for_web_software","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"3053","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"security_access_manager_for_web_software","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"3053","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"security_access_manager_for_web_software","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@us.ibm.com","ID":"CVE-2014-3053","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"ibm-isam-cve20143053-credentials(93501)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/93501"},{"name":"59381","refsource":"SECUNIA","url":"http://secunia.com/advisories/59381"},{"name":"IV61557","refsource":"AIXAPAR","url":"http://www-01.ibm.com/support/docview.wss?uid=swg1IV61557"},{"name":"59438","refsource":"SECUNIA","url":"http://secunia.com/advisories/59438"},{"name":"http://www-01.ibm.com/support/docview.wss?uid=swg21676700","refsource":"CONFIRM","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676700"},{"name":"http://www-01.ibm.com/support/docview.wss?uid=swg21676389","refsource":"CONFIRM","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676389"},{"name":"68132","refsource":"BID","url":"http://www.securityfocus.com/bid/68132"}]}},"nvd":{"publishedDate":"2014-06-21 15:55:00","lastModifiedDate":"2017-08-29 01:34:00","problem_types":["CWE-287"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:C/I:P/A:C","accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"PARTIAL","availabilityImpact":"COMPLETE","baseScore":8},"severity":"HIGH","exploitabilityScore":6.5,"impactScore":9.5,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:security_access_manager_for_mobile_software:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:security_access_manager_for_web_software:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:security_access_manager_for_web_software:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:8.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"3053","Ordinal":"70000","Title":"CVE-2014-3053","CVE":"CVE-2014-3053","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"3053","Ordinal":"1","NoteData":"The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials.","Type":"Description","Title":null},{"CveYear":"2014","CveId":"3053","Ordinal":"2","NoteData":"2014-06-21","Type":"Other","Title":"Published"},{"CveYear":"2014","CveId":"3053","Ordinal":"3","NoteData":"2017-08-28","Type":"Other","Title":"Modified"}]}}}