Lucene search

IbmCVE-2014-0904

HistoryMar 26, 2014 - 10:55 a.m.

CVE-2014-0904

2014-03-2610:55:05

CWE-20

ibm

web.nvd.nist.gov

cve-2014-0904

ibm security appscan

remote code execution

integrity checks

nvd

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

Low

EPSS

0.009

Percentile

82.4%

JSON

The update process in IBM Security AppScan Standard 7.9 through 8.8 does not require integrity checks of downloaded files, which allows remote attackers to execute arbitrary code via a crafted file.

Affected configurations

Nvd

Node

ibmsecurity_appscanMatch7.9-standard

ibmsecurity_appscanMatch8.0-standard

ibmsecurity_appscanMatch8.5-standard

ibmsecurity_appscanMatch8.6-standard

ibmsecurity_appscanMatch8.7-standard

ibmsecurity_appscanMatch8.8-standard

VendorProductVersionCPE
ibmsecurity_appscan7.9cpe:2.3:a:ibm:security_appscan:7.9:-:standard:*:*:*:*:*
ibmsecurity_appscan8.0cpe:2.3:a:ibm:security_appscan:8.0:-:standard:*:*:*:*:*
ibmsecurity_appscan8.5cpe:2.3:a:ibm:security_appscan:8.5:-:standard:*:*:*:*:*
ibmsecurity_appscan8.6cpe:2.3:a:ibm:security_appscan:8.6:-:standard:*:*:*:*:*
ibmsecurity_appscan8.7cpe:2.3:a:ibm:security_appscan:8.7:-:standard:*:*:*:*:*
ibmsecurity_appscan8.8cpe:2.3:a:ibm:security_appscan:8.8:-:standard:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	security_appscan	7.9	cpe:2.3:a:ibm:security_appscan:7.9:-:standard:::::*
ibm	security_appscan	8.0	cpe:2.3:a:ibm:security_appscan:8.0:-:standard:::::*
ibm	security_appscan	8.5	cpe:2.3:a:ibm:security_appscan:8.5:-:standard:::::*
ibm	security_appscan	8.6	cpe:2.3:a:ibm:security_appscan:8.6:-:standard:::::*
ibm	security_appscan	8.7	cpe:2.3:a:ibm:security_appscan:8.7:-:standard:::::*
ibm	security_appscan	8.8	cpe:2.3:a:ibm:security_appscan:8.8:-:standard:::::*

References

www-01.ibm.com/support/docview.wss?uid=swg21666775

exchange.xforce.ibmcloud.com/vulnerabilities/91536

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

Low

EPSS

0.009

Percentile

82.4%

JSON

Related for CVE-2014-0904