Information Disclosure in IBM Security AppScan Source
CVE-2014-0936

Currently unrated

Key Information:

Vendor
IBM
CVE Published:
8 June 2014

Summary

The vulnerability in IBM Security AppScan Source versions 8.0 and 9.0 arises from insufficient restrictions on the publish-assessment permission for the configured database server. This flaw allows remote attackers to intercept cleartext assessment data transmitted over the network, potentially exposing sensitive information. Organizations using these versions are at risk and should implement security measures to prevent unauthorized data access.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
