IBM Security Access Manager for Mobile 8.x prior to 8.0.1 and Security Access Manager for Web 7.x prior to 7.0.0 FP10 and 8.x prior to 8.0.1 do not ensure that HTTPS is used, which allows remote malicious users to obtain sensitive information by sniffing the network during an HTTP session.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm security access manager for mobile 8.0 |
||
ibm security access manager for web 7.0 |
||
ibm security access manager for web 8.0 |