CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2016-3034
https://notcve.org/view.php?id=CVE-2016-3034
IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily. IBM AppScan Source usa un hash unidireccional sin salt para cifrar información altamente sensible , lo que podría permitir a un atacante local descifrar información con mayor facilidad. • http://www.ibm.com/support/docview.wss?uid=swg21995903 http://www.securityfocus.com/bid/95195 • CWE-326: Inadequate Encryption Strength •
CVSS: 8.1EPSS: 0%CPEs: 11EXPL: 0CVE-2016-3033
https://notcve.org/view.php?id=CVE-2016-3033
IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. IBM AppScan Source 8.7 hasta la versión 9.0.3.3 permite a usuarios remotos autenticados leer archivos arbitrarios o provocar una denegación de servicio (consumo de memoria) a través de un documento XML que contiene una declaración de entidad externa en conjunción con una referencia de entidad, relacionado con un problema XML External Entity (XXE). • http://www-01.ibm.com/support/docview.wss?uid=swg21987326 http://www.securityfocus.com/bid/92388 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 2.1EPSS: 0%CPEs: 14EXPL: 0CVE-2014-6123
https://notcve.org/view.php?id=CVE-2014-6123
IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow local users to obtain sensitive credential information by reading installation logs. IBM Rational AppScan Source 8.0 a través de 8.0.0.2 y 8.5 a través de 8.5.0.1 y Security AppScan Source 8.6 a través de 8.6.0.2, 8.7 a través de 8.7.0.1, 8.8, 9.0 a través de 9.0.0.1, y 9.0.1 permite a usuarios locales obtener información sensible de credenciales leyendo logs de instalación. • http://www-01.ibm.com/support/docview.wss?uid=swg21692999 https://exchange.xforce.ibmcloud.com/vulnerabilities/96724 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2014-6122
https://notcve.org/view.php?id=CVE-2014-6122
IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote authenticated users to write to arbitrary folders, and consequently execute arbitrary commands, via a modified argument. IBM Security AppScan Enterprise 8.5 anterior a 8.5 IFix 002, 8.6 anteriora 8.6 IFix 004, 8.7 anterior a 8.7 IFix 004, 8.8 anterior a 8.8 iFix 003, 9.0 anterior a 9.0.0.1 iFix 003, y 9.0.1 anterior a 9.0.1 iFix 001 permite a usuarios remotos autenticados escribir en carpetas arbitrarias, y consecuentemente ejecutar comandos arbitrarios, a través de un argumento modificado. • http://www-01.ibm.com/support/docview.wss?uid=swg21693035 http://www.securitytracker.com/id/1031427 https://exchange.xforce.ibmcloud.com/vulnerabilities/96723 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 1%CPEs: 7EXPL: 0CVE-2014-6119
https://notcve.org/view.php?id=CVE-2014-6119
IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote attackers to execute arbitrary code via a crafted executable file in an archive. IBM Security AppScan Enterprise 8.5 anterior a 8.5 IFix 002, 8.6 anterior a IFix 004, 8.7 anterior a 8.7 IFix 004, 8.8 anterior a 8.8 iFix 003, 9.0 anterior a 9.0.0.1 iFix 003 y 9.0.1 anterior a 9.0.1 iFix 001 permite a atacantes remotos a ejecutar código arbitrario mediante un archivo ejecutable modificado en un archivo. • http://secunia.com/advisories/62012 http://www-01.ibm.com/support/docview.wss?uid=swg21693035 http://www-01.ibm.com/support/docview.wss?uid=swg21693183 http://www.securitytracker.com/id/1031427 https://exchange.xforce.ibmcloud.com/vulnerabilities/96720 • CWE-94: Improper Control of Generation of Code ('Code Injection') •