Lucene search

IbmCVE-2014-0936

HistoryJun 08, 2014 - 11:55 p.m.

CVE-2014-0936

2014-06-0823:55:02

CWE-264

CWE-310

ibm

web.nvd.nist.gov

ibm

security

appscan

source

8.0

9.0

cleartext

assessment

data

remote attackers

sensitive information

sniffing

network

cve-2014-0936

nvd

CVSS2

4.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:H/Au:N/C:P/I:P/A:P

AI Score

6.2

Confidence

Low

EPSS

0.003

Percentile

65.7%

JSON

IBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly restricted for the configured database server, transmits cleartext assessment data, which allows remote attackers to obtain sensitive information by sniffing the network.

Affected configurations

Nvd

Node

ibmsecurity_appscan_sourceMatch8.0

ibmsecurity_appscan_sourceMatch8.5

ibmsecurity_appscan_sourceMatch8.6

ibmsecurity_appscan_sourceMatch8.7

ibmsecurity_appscan_sourceMatch8.8

ibmsecurity_appscan_sourceMatch9.0

VendorProductVersionCPE
ibmsecurity_appscan_source8.0cpe:2.3:a:ibm:security_appscan_source:8.0:*:*:*:*:*:*:*
ibmsecurity_appscan_source8.5cpe:2.3:a:ibm:security_appscan_source:8.5:*:*:*:*:*:*:*
ibmsecurity_appscan_source8.6cpe:2.3:a:ibm:security_appscan_source:8.6:*:*:*:*:*:*:*
ibmsecurity_appscan_source8.7cpe:2.3:a:ibm:security_appscan_source:8.7:*:*:*:*:*:*:*
ibmsecurity_appscan_source8.8cpe:2.3:a:ibm:security_appscan_source:8.8:*:*:*:*:*:*:*
ibmsecurity_appscan_source9.0cpe:2.3:a:ibm:security_appscan_source:9.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	security_appscan_source	8.0	cpe:2.3:a:ibm:security_appscan_source:8.0:::::::*
ibm	security_appscan_source	8.5	cpe:2.3:a:ibm:security_appscan_source:8.5:::::::*
ibm	security_appscan_source	8.6	cpe:2.3:a:ibm:security_appscan_source:8.6:::::::*
ibm	security_appscan_source	8.7	cpe:2.3:a:ibm:security_appscan_source:8.7:::::::*
ibm	security_appscan_source	8.8	cpe:2.3:a:ibm:security_appscan_source:8.8:::::::*
ibm	security_appscan_source	9.0	cpe:2.3:a:ibm:security_appscan_source:9.0:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg21674750

exchange.xforce.ibmcloud.com/vulnerabilities/92317

Social References

CVSS2

4.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:H/Au:N/C:P/I:P/A:P

AI Score

6.2

Confidence

Low

EPSS

0.003

Percentile

65.7%

JSON

Related for CVE-2014-0936