CVE-2012-2173

Published: Jun 20, 2012Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 sends an SHA-1 hash of the connection password during connections to a solidDB database, which allows remote attackers to obtain sensitive information by sniffing the network.

Affected (6)

Products: Ibm: Security Appscan Source

Ibm

1 product

Security Appscan Source

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Ibm Security Appscan Source	Version 7.0
Ibm Security Appscan Source	Version 8.0.0.1
Ibm Security Appscan Source	Version 8.0.0.2
Ibm Security Appscan Source	Version 8.0
Ibm Security Appscan Source	Version 8.5.0.1
Ibm Security Appscan Source	Version 8.5

Related CWEs

CWE-255

References (4)

http://www.ibm.com/support/docview.wss?uid=swg21598423

Source: psirt@us.ibm.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/75242

Source: psirt@us.ibm.com

http://www.ibm.com/support/docview.wss?uid=swg21598423

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/75242

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.