CVSS2

Attack Vector: ADJACENT_NETWORK
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:A/AC:H/Au:N/C:P/I:P/A:P

AI Score

Confidence: Low

EPSS

Percentile: 65.7%

IBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly restricted for the configured database server, transmits cleartext assessment data, which allows remote attackers to obtain sensitive information by sniffing the network.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | security_appscan_source | 8.0 | cpe:2.3:a:ibm:security_appscan_source:8.0:*:*:*:*:*:*:* |
ibm | security_appscan_source | 8.5 | cpe:2.3:a:ibm:security_appscan_source:8.5:*:*:*:*:*:*:* |
ibm | security_appscan_source | 8.6 | cpe:2.3:a:ibm:security_appscan_source:8.6:*:*:*:*:*:*:* |
ibm | security_appscan_source | 8.7 | cpe:2.3:a:ibm:security_appscan_source:8.7:*:*:*:*:*:*:* |
ibm | security_appscan_source | 8.8 | cpe:2.3:a:ibm:security_appscan_source:8.8:*:*:*:*:*:*:* |
ibm | security_appscan_source | 9.0 | cpe:2.3:a:ibm:security_appscan_source:9.0:*:*:*:*:*:*:* |