Lucene search
HistoryJun 08, 2014 - 11:55 p.m.
CVE-2014-0936
CVSS2
4.3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:H/Au:N/C:P/I:P/A:P
AI Score
6
Confidence
Low
EPSS
0.003
Percentile
65.7%
IBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly restricted for the configured database server, transmits cleartext assessment data, which allows remote attackers to obtain sensitive information by sniffing the network.
Affected configurations
Node
ibmsecurity_appscan_sourceMatch8.0
ORibmsecurity_appscan_sourceMatch8.5
ORibmsecurity_appscan_sourceMatch8.6
ORibmsecurity_appscan_sourceMatch8.7
ORibmsecurity_appscan_sourceMatch8.8
ORibmsecurity_appscan_sourceMatch9.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | security_appscan_source | 8.0 | cpe:2.3:a:ibm:security_appscan_source:8.0:*:*:*:*:*:*:* |
| ibm | security_appscan_source | 8.5 | cpe:2.3:a:ibm:security_appscan_source:8.5:*:*:*:*:*:*:* |
| ibm | security_appscan_source | 8.6 | cpe:2.3:a:ibm:security_appscan_source:8.6:*:*:*:*:*:*:* |
| ibm | security_appscan_source | 8.7 | cpe:2.3:a:ibm:security_appscan_source:8.7:*:*:*:*:*:*:* |
| ibm | security_appscan_source | 8.8 | cpe:2.3:a:ibm:security_appscan_source:8.8:*:*:*:*:*:*:* |
| ibm | security_appscan_source | 9.0 | cpe:2.3:a:ibm:security_appscan_source:9.0:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2014-0936
2014-06-08 23:00:00
cve
cve
CVE-2014-0936
2014-06-08 23:55:02
prion
prion
Design/Logic Flaw
2014-06-08 23:55:00
CVSS2
4.3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:H/Au:N/C:P/I:P/A:P
AI Score
6
Confidence
Low
EPSS
0.003
Percentile
65.7%
Related for NVD:CVE-2014-0936