Severity
4.3 MEDIUM
EPSS
0.2%
top 53.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Jun 8
Latest update May 17
Description
IBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly restricted for the configured database server, transmits cleartext assessment data, which allows remote attackers to obtain sensitive information by sniffing the network.
CVSS vector
AV:A/AC:H/C:P/I:P/A:P
Exploitability: 3.2 | Impact: 6.4