CVE-2014-0936
Published Jun 8, 2014
Last updated 7 years ago
Overview
- Description
- IBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly restricted for the configured database server, transmits cleartext assessment data, which allows remote attackers to obtain sensitive information by sniffing the network.
- Source
- psirt@us.ibm.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 6.4
- Exploitability score
- 3.2
- Vector string
- AV:A/AC:H/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-264
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C3EC310D-7C7F-4B5A-AFFC-58A38B67A0CA"
},
{
"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6990B7A5-3C72-494B-A512-23E508B71CE4"
},
{
"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0C721146-29F1-4785-B6D6-D43389B6CD2D"
},
{
"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B205BA6C-A211-4D1D-B342-598B3057B642"
},
{
"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7E024F44-EC78-472F-B186-DF5E882D1217"
},
{
"criteria": "cpe:2.3:a:ibm:security_appscan_source:9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0F890EA4-7122-4AD1-B0C2-1F6D8B67D021"
}
],
"operator": "OR"
}
]
}
]