Vulnerability CVE-2014-4806
Published: 2014-08-29

Description:
The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux places a cleartext password in a temporary file, which allows local users to obtain sensitive information by reading this file.

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
IBM -> Security appscan 

 References:
http://www-01.ibm.com/support/docview.wss?uid=swg21682642
http://www.securityfocus.com/bid/69435
http://xforce.iss.net/xforce/xfdb/95354
Copyright 2024, cxsecurity.com

 

Back to Top