IBM AppScan Source Vulnerability Allowing Information Decryption
CVE-2016-3034

4.4MEDIUM

Key Information:

Vendor: IBM Corporation
Status: AppScan Source
Vendor: CVE Published:; 1 February 2017

Summary

IBM AppScan Source utilizes a one-way hash without salt to encrypt sensitive information, making it susceptible to local attackers who can potentially decrypt the data more easily. This vulnerability raises significant concerns regarding the confidentiality and integrity of sensitive information stored within the application, emphasizing the need for robust encryption practices to mitigate such risks.

Affected Version(s)

AppScan Source 7.0

AppScan Source 8.0

AppScan Source 8.0.0.1

References

http://www.ibm.com/support/docview.wss?uid=swg21995903

x_refsource_CONFIRM

http://www.securityfocus.com/bid/95195

vdb-entryx_refsource_BID

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 1, 2017
Vulnerability Reserved
Mar 9, 2016