IBM AppScan Source Vulnerability Allowing Information Decryption
CVE-2016-3034

4.4MEDIUM

Key Information:

Vendor
CVE Published:
1 February 2017

Summary

IBM AppScan Source utilizes a one-way hash without salt to encrypt sensitive information, making it susceptible to local attackers who can potentially decrypt the data more easily. This vulnerability raises significant concerns regarding the confidentiality and integrity of sensitive information stored within the application, emphasizing the need for robust encryption practices to mitigate such risks.

Affected Version(s)

AppScan Source 7.0

AppScan Source 8.0

AppScan Source 8.0.0.1

References

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.