CVE-2014-4806

Severity
5.5 MEDIUM
EPSS
0.1%
top 81.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 29
Latest update: May 13

Description

The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux places a cleartext password in a temporary file, which allows local users to obtain sensitive information by reading this file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages (1 package)

NVD | ibm/security_appscan | 8.0.0.0 | 8.6.0.2 | +3

Vulnerability Details (2)

GHSA
GHSA-pjxw-f6xf-rj75: The installation process in IBM Security AppScan Enterprise 8 (2022-05-13)
CVEList
CVE-2014-4806: The installation process in IBM Security AppScan Enterprise 8 (2014-08-29)