Arbitrary Code Execution Risk in IBM Security AppScan Standard
CVE-2014-0904
Currently unrated
What is CVE-2014-0904?
The update process in IBM Security AppScan Standard versions 7.9 to 8.8 lacks stringent integrity checks on downloaded files. This weakness allows remote attackers to exploit the system by sending specially crafted files, potentially leading to arbitrary code execution. Users of the affected versions should be aware of this vulnerability and apply the necessary security measures to safeguard against potential breaches. Regular software updates and vigilance in monitoring file integrity can help mitigate the risks associated with this flaw.