CVE-2014-4812
https://notcve.org/view.php?id=CVE-2014-4812
The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 has an open network port for a debug service, which allows remote attackers to obtain sensitive information by connecting to this port.
• http://www-01.ibm.com/support/docview.wss?uid=swg21686844
• https://exchange.xforce.ibmcloud.com/vulnerabilities/95388
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-4806
https://notcve.org/view.php?id=CVE-2014-4806
The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux places a cleartext password in a temporary file, which allows local users to obtain sensitive information by reading this file.
• http://www-01.ibm.com/support/docview.wss?uid=swg21682642
• http://www.securityfocus.com/bid/69435
• https://exchange.xforce.ibmcloud.com/vulnerabilities/95354
• CWE-522: Insufficiently Protected Credentials
CVE-2014-3072
https://notcve.org/view.php?id=CVE-2014-3072
Unspecified vulnerability in the Automation Server in IBM Security AppScan Source 8 through 8.0.0.2, 8.5 through 8.5.0.1, 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, and 9.0 through 9.0.0.1 allows local users to gain privileges by executing a crafted service.
• http://www-01.ibm.com/support/docview.wss?uid=swg21680537
• https://exchange.xforce.ibmcloud.com/vulnerabilities/93787
CVE-2014-0936
https://notcve.org/view.php?id=CVE-2014-0936
IBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly restricted for the configured database server, transmits cleartext assessment data, which allows remote attackers to obtain sensitive information by sniffing the network.
• http://www-01.ibm.com/support/docview.wss?uid=swg21674750
• https://exchange.xforce.ibmcloud.com/vulnerabilities/92317
• CWE-264: Permissions, Privileges, and Access Controls
• CWE-310: Cryptographic Issues
CVE-2014-0904
https://notcve.org/view.php?id=CVE-2014-0904
The update process in IBM Security AppScan Standard 7.9 through 8.8 does not require integrity checks of downloaded files, which allows remote attackers to execute arbitrary code via a crafted file.
• http://www-01.ibm.com/support/docview.wss?uid=swg21666775
• https://exchange.xforce.ibmcloud.com/vulnerabilities/91536
• CWE-20: Improper Input Validation