IBM AppScan Source Vulnerability Allowing Information Decryption
CVE-2016-3034
4.4MEDIUM
Summary
IBM AppScan Source utilizes a one-way hash without salt to encrypt sensitive information, making it susceptible to local attackers who can potentially decrypt the data more easily. This vulnerability raises significant concerns regarding the confidentiality and integrity of sensitive information stored within the application, emphasizing the need for robust encryption practices to mitigate such risks.
Affected Version(s)
AppScan Source 7.0
AppScan Source 8.0
AppScan Source 8.0.0.1
References
CVSS V3.1
Score:
4.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved