CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0CVE-2014-6120
https://notcve.org/view.php?id=CVE-2014-6120
IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow remote attackers to execute arbitrary commands on the installation server via unspecified vectors. IBM X-Force ID: 96721. IBM Rational AppScan Source 8.0 hasta la versión 8.0.0.2 y 8.5 hasta la versión 8.5.0.1; y Security AppScan Source 8.6 hasta la versión 8.6.0.2, 8.7 hasta la versión 8.7.0.1, 8.8, 9.0 hasta la versión 9.0.0.1 y 9.0.1 permiten que atacantes remotos ejecuten comandos arbitrarios en el servidor de instalación mediante vectores sin especificar. IBM X-Force ID: 96721. • https://exchange.xforce.ibmcloud.com/vulnerabilities/96721 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.8EPSS: 0%CPEs: 15EXPL: 0CVE-2014-8918
https://notcve.org/view.php?id=CVE-2014-8918
IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. IBM Security AppScan Standard 8.x y 9.x anterior a 9.0.1.1 FP1 no verifica correctamente los certificados X.509 de servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores y obtener información información sensible a través de un certificado manipulado. • http://www-01.ibm.com/support/docview.wss?uid=swg21695170 https://exchange.xforce.ibmcloud.com/vulnerabilities/99304 • CWE-310: Cryptographic Issues •
CVSS: 5.0EPSS: 0%CPEs: 15EXPL: 0CVE-2014-6136
https://notcve.org/view.php?id=CVE-2014-6136
IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 supports unencrypted sessions, which allows remote attackers to obtain sensitive information by sniffing the network. IBM Security AppScan Standard 8.x y 9.x anterior a 9.0.1.1 FP1 soporta sesiones no codificadas, lo que permite a atacantes remotos obtener información sensible mediante la captura de trafico de la red. • http://www-01.ibm.com/support/docview.wss?uid=swg21695170 https://exchange.xforce.ibmcloud.com/vulnerabilities/96816 • CWE-310: Cryptographic Issues •
CVSS: 2.1EPSS: 0%CPEs: 14EXPL: 0CVE-2014-6123
https://notcve.org/view.php?id=CVE-2014-6123
IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow local users to obtain sensitive credential information by reading installation logs. IBM Rational AppScan Source 8.0 a través de 8.0.0.2 y 8.5 a través de 8.5.0.1 y Security AppScan Source 8.6 a través de 8.6.0.2, 8.7 a través de 8.7.0.1, 8.8, 9.0 a través de 9.0.0.1, y 9.0.1 permite a usuarios locales obtener información sensible de credenciales leyendo logs de instalación. • http://www-01.ibm.com/support/docview.wss?uid=swg21692999 https://exchange.xforce.ibmcloud.com/vulnerabilities/96724 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-4806
https://notcve.org/view.php?id=CVE-2014-4806
The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux places a cleartext password in a temporary file, which allows local users to obtain sensitive information by reading this file. El proceso de instalación en IBM Security AppScan Enterprise 8.x anterior a 8.6.0.2 iFix 003, 8.7.x anterior a 8.7.0.1 iFix 003, 8.8.x anterior a 8.8.0.1 iFix 002, y 9.0.x anterior a 9.0.0.1 iFix 001 en Linux coloca una contraseña en texto plano en un fichero temporal, lo que permite a usuarios locales obtener información sensible mediante la lectura de este fichero. • http://www-01.ibm.com/support/docview.wss?uid=swg21682642 http://www.securityfocus.com/bid/69435 https://exchange.xforce.ibmcloud.com/vulnerabilities/95354 • CWE-522: Insufficiently Protected Credentials •