CVE-2014-0904

Published Mar 26, 2014

Last updated 3 months ago

CVSS info 7.6

Overview

Description: The update process in IBM Security AppScan Standard 7.9 through 8.8 does not require integrity checks of downloaded files, which allows remote attackers to execute arbitrary code via a crafted file.
Source: psirt@us.ibm.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.6
Impact score: 10
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:security_appscan:7.9:-:standard:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE0F7960-E667-45DE-A41B-1A808D5E3996"
          },
          {
            "criteria": "cpe:2.3:a:ibm:security_appscan:8.0:-:standard:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98F1FF4B-5106-4E97-BC8F-0C63C9C68610"
          },
          {
            "criteria": "cpe:2.3:a:ibm:security_appscan:8.5:-:standard:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2CE9175B-A392-4C6E-8E4E-141E1C38F31B"
          },
          {
            "criteria": "cpe:2.3:a:ibm:security_appscan:8.6:-:standard:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F2FD084-BB5B-441C-A5DB-127890860B29"
          },
          {
            "criteria": "cpe:2.3:a:ibm:security_appscan:8.7:-:standard:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F689269B-3EED-45D6-A73D-9B380E1B371B"
          },
          {
            "criteria": "cpe:2.3:a:ibm:security_appscan:8.8:-:standard:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0E53D94-ED32-4C2B-B66F-9BBE49A4F7DC"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References