CVE-2014-0936

Published: Jun 8, 2014Modified: May 6, 2026

4.3

Vector

AV:A/AC:H/Au:N/C:P/I:P/A:P

Exploitability: 3.2 / Impact: 6.4

Source: NVD

Description

IBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly restricted for the configured database server, transmits cleartext assessment data, which allows remote attackers to obtain sensitive information by sniffing the network.

Affected (6)

Products: Ibm: Security Appscan Source

Ibm

1 product

Security Appscan Source

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Ibm Security Appscan Source	Version 8.0
Ibm Security Appscan Source	Version 8.5
Ibm Security Appscan Source	Version 8.6
Ibm Security Appscan Source	Version 8.7
Ibm Security Appscan Source	Version 8.8
Ibm Security Appscan Source	Version 9.0

Related CWEs

CWE-264

CWE-310

References (4)

http://www-01.ibm.com/support/docview.wss?uid=swg21674750

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/92317

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21674750

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/92317

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.