IBM Security Access Manager for Mobile CVE-2014-4751 Unspecified Cross Site Scripting Vulnerability

Bugtraq ID:	69036
Class:	Input Validation Error
CVE:	CVE-2014-4751
Remote:	Yes
Local:	No
Published:	Jul 30 2014 12:00AM
Updated:	Jul 30 2014 12:00AM
Credit:	IBM
Vulnerable:	IBM Security Access Manager for Mobile 8.0.0.3 IBM Security Access Manager for Mobile 8.0.0.1 IBM Security Access Manager for Mobile 8.0.0.0
Not Vulnerable:

IBM Security Access Manager for Mobile CVE-2014-4751 Unspecified Cross Site Scripting Vulnerability

IBM Security Access Manager for Mobile is prone to an unspecified cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

IBM Security Access Manager For Mobile 8.0.0.0, 8.0.0.1 and 8.0.0.3 are vulnerable.

IBM Security Access Manager for Mobile CVE-2014-4751 Unspecified Cross Site Scripting Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

IBM Security Access Manager for Mobile CVE-2014-4751 Unspecified Cross Site Scripting Vulnerability

References:

• IBM Homepage (IBM)
  
• IBM Security Access Manager for Mobile Homepage (IBM)
  
• Security Bulletin: Cross site scripting vulnerability in IBM Security Access Man (IBM)