Lucene search

[email protected]CVE-2014-4806

HistoryAug 29, 2014 - 10:00 a.m.

CVE-2014-4806

2014-08-2910:00:00

CWE-522

[email protected]

web.nvd.nist.gov

ibm

security

appscan

enterprise

linux

password leakage

cve-2014-4806

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux places a cleartext password in a temporary file, which allows local users to obtain sensitive information by reading this file.

Affected configurations

NVD

Node

ibmsecurity_appscanRange8.0.0.0–8.6.0.2enterprise

ibmsecurity_appscanRange8.7.0.0–8.7.0.1enterprise

ibmsecurity_appscanRange8.8.0.0–8.8.0.1enterprise

ibmsecurity_appscanRange9.0.0.0–9.0.0.1enterprise

AND

linuxlinux_kernel

CPENameOperatorVersion
ibm:security_appscanibm security appscanlt8.6.0.2
ibm:security_appscanibm security appscanlt8.7.0.1
ibm:security_appscanibm security appscanlt8.8.0.1
ibm:security_appscanibm security appscanlt9.0.0.1

CPE	Name	Operator	Version
ibm:security_appscan	ibm security appscan	lt	8.6.0.2
ibm:security_appscan	ibm security appscan	lt	8.7.0.1
ibm:security_appscan	ibm security appscan	lt	8.8.0.1
ibm:security_appscan	ibm security appscan	lt	9.0.0.1

References

www-01.ibm.com/support/docview.wss?uid=swg21682642

www.securityfocus.com/bid/69435

exchange.xforce.ibmcloud.com/vulnerabilities/95354

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2014-4806

cvelist1 prion1 nvd1