CVE-2014-4806
Published Aug 29, 2014
Last updated 3 years ago
Overview
- Description
- The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux places a cleartext password in a temporary file, which allows local users to obtain sensitive information by reading this file.
- Source
- psirt@us.ibm.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 2.1
- Impact score
- 2.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-522
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_appscan:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B9B3DB34-0269-4BD1-8740-3593C856086F",
"versionEndExcluding": "8.6.0.2",
"versionStartIncluding": "8.0.0.0"
},
{
"criteria": "cpe:2.3:a:ibm:security_appscan:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F9BA334F-1C90-4877-B43E-2E5CDE748660",
"versionEndExcluding": "8.7.0.1",
"versionStartIncluding": "8.7.0.0"
},
{
"criteria": "cpe:2.3:a:ibm:security_appscan:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8DB5A0AC-923D-4388-BDEA-DAA5C610AC66",
"versionEndExcluding": "8.8.0.1",
"versionStartIncluding": "8.8.0.0"
},
{
"criteria": "cpe:2.3:a:ibm:security_appscan:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "02197BFD-4145-425E-B697-08B69817DCB7",
"versionEndExcluding": "9.0.0.1",
"versionStartIncluding": "9.0.0.0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]