Remote Code Execution Vulnerability in IBM Security AppScan Enterprise
CVE-2014-6119

Currently unrated

Key Information:

Vendor: IBM
Status: Security Appscan; Security Appscan Source
Vendor: CVE Published:; 23 December 2014

Summary

IBM Security AppScan Enterprise versions prior to their respective iFix versions are susceptible to a vulnerability that allows remote attackers to execute arbitrary code. This can be achieved through a specially crafted executable file embedded in an archive, posing significant risks to systems that rely on this software. Organizations using these affected versions are encouraged to apply the latest patches and updates to mitigate the risk.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/96720

vdb-entryx_refsource_XF

http://www.securitytracker.com/id/1031427

vdb-entryx_refsource_SECTRACK

http://www-01.ibm.com/support/docview.wss?uid=swg21693035

x_refsource_CONFIRM

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 23, 2014
Vulnerability Reserved
Sep 2, 2014