X.509 Certificate Verification Flaw in IBM Security AppScan Standard
CVE-2014-8918

Currently unrated

Key Information:

Vendor: IBM
Status: Security Appscan
Vendor: CVE Published:; 2 February 2015

Summary

IBM Security AppScan Standard versions 8.x and 9.x prior to 9.0.1.1 FP1 possess a serious security flaw where X.509 certificate verification is not properly executed. This insufficient verification allows man-in-the-middle attackers to exploit the vulnerability by impersonating legitimate SSL servers through the use of crafted certificates. As a result, sensitive information could be intercepted, putting users at significant risk.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/99304

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21695170

x_refsource_CONFIRM

Timeline

Vulnerability published
Feb 2, 2015
Vulnerability Reserved
Nov 14, 2014