
CVE-2014-0936
https://notcve.org/view.php?id=CVE-2014-0936
08 Jun 2014 — IBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly restricted for the configured database server, transmits cleartext assessment data, which allows remote attackers to obtain sensitive information by sniffing the network. • http://www-01.ibm.com/support/docview.wss?uid=swg21674750 • CWE-264: Permissions, Privileges, and Access Controls • CWE-310: Cryptographic Issues

CVE-2012-2161
https://notcve.org/view.php?id=CVE-2012-2161
20 Jun 2012 — Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. • http://www.ibm.com/support/docview.wss?uid=swg21596690 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-2159
https://notcve.org/view.php?id=CVE-2012-2159
20 Jun 2012 — Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. • http://www.ibm.com/support/docview.wss?uid=swg21596690 • CWE-20: Improper Input Validation

CVE-2012-2173
https://notcve.org/view.php?id=CVE-2012-2173
20 Jun 2012 — The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 sends an SHA-1 hash of the connection password during connections to a solidDB database, which allows remote attackers to obtain sensitive information by sniffing the network. • http://www.ibm.com/support/docview.wss?uid=swg21598423 • CWE-255: Credentials Management Errors