CVE-2014-4806

5.5MEDIUM

Key Information:

Vendor
IBM
Status
Security Appscan
Vendor
CVE Published:
29 August 2014

Summary

The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux places a cleartext password in a temporary file, which allows local users to obtain sensitive information by reading this file.

References

http://www.securityfocus.com/bid/69435
vdb-entryx_refsource_BID
http://www-01.ibm.com/support/docview.wss?uid=swg21682642
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/95354
vdb-entryx_refsource_XF

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.