CVE-2014-0904

CWE-20Improper Input Validation3 documents3 sources
Severity
7.6HIGH
EPSS
3.8%
top 11.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Security Appscan
Timeline
PublishedMar 26
Latest updateMay 17

Description

The update process in IBM Security AppScan Standard 7.9 through 8.8 does not require integrity checks of downloaded files, which allows remote attackers to execute arbitrary code via a crafted file.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages1 packages

NVDibm/security_appscan6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-pm6r-74pf-9qrm: The update process in IBM Security AppScan Standard 72022-05-17
CVEList
CVE-2014-0904: The update process in IBM Security AppScan Standard 72014-03-26
CVE-2014-0904 (HIGH CVSS 7.6) | The update process in IBM Security | cvebase.io