CVE-2016-3034

Published: Feb 1, 2017Modified: May 13, 2026

4.4

Vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 0.8 / Impact: 3.6

Source: NVD

Description

IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily.

Affected (3)

Products: Ibm: Security Appscan Source

Ibm

1 product

Security Appscan Source

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ibm Security Appscan Source	Version 9.0.1
Ibm Security Appscan Source	Version 9.0.2
Ibm Security Appscan Source	Version 9.0.3

Related CWEs

CWE-326

Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

References (4)

http://www.ibm.com/support/docview.wss?uid=swg21995903

Source: psirt@us.ibm.com

PatchVendor Advisory

http://www.securityfocus.com/bid/95195

Source: psirt@us.ibm.com

Third Party AdvisoryVDB Entry

http://www.ibm.com/support/docview.wss?uid=swg21995903

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/95195

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.