CVE-2016-3034

CWE-3263 documents3 sources
Severity
4.4MEDIUM
EPSS
0.0%
top 93.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Corporation Appscan SourceIBM Security Appscan Source
Timeline
PublishedFeb 1
Latest updateMay 17

Description

IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

NVDibm/security_appscan_source9.0.1, 9.0.2, 9.0.3+2
CVEListV5ibm_corporation/appscan_source22 versions+21

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-3qpw-79h9-q4jc: IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information2022-05-17
CVEList
CVE-2016-3034: IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information2017-02-01
CVE-2016-3034 (MEDIUM CVSS 4.4) | IBM AppScan Source uses a one-way h | cvebase.io