CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0CVE-2014-6120
https://notcve.org/view.php?id=CVE-2014-6120
IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow remote attackers to execute arbitrary commands on the installation server via unspecified vectors. IBM X-Force ID: 96721. IBM Rational AppScan Source 8.0 hasta la versión 8.0.0.2 y 8.5 hasta la versión 8.5.0.1; y Security AppScan Source 8.6 hasta la versión 8.6.0.2, 8.7 hasta la versión 8.7.0.1, 8.8, 9.0 hasta la versión 9.0.0.1 y 9.0.1 permiten que atacantes remotos ejecuten comandos arbitrarios en el servidor de instalación mediante vectores sin especificar. IBM X-Force ID: 96721. • https://exchange.xforce.ibmcloud.com/vulnerabilities/96721 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.8EPSS: 0%CPEs: 15EXPL: 0CVE-2014-8918
https://notcve.org/view.php?id=CVE-2014-8918
IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. IBM Security AppScan Standard 8.x y 9.x anterior a 9.0.1.1 FP1 no verifica correctamente los certificados X.509 de servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores y obtener información información sensible a través de un certificado manipulado. • http://www-01.ibm.com/support/docview.wss?uid=swg21695170 https://exchange.xforce.ibmcloud.com/vulnerabilities/99304 • CWE-310: Cryptographic Issues •
CVSS: 5.0EPSS: 0%CPEs: 15EXPL: 0CVE-2014-6136
https://notcve.org/view.php?id=CVE-2014-6136
IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 supports unencrypted sessions, which allows remote attackers to obtain sensitive information by sniffing the network. IBM Security AppScan Standard 8.x y 9.x anterior a 9.0.1.1 FP1 soporta sesiones no codificadas, lo que permite a atacantes remotos obtener información sensible mediante la captura de trafico de la red. • http://www-01.ibm.com/support/docview.wss?uid=swg21695170 https://exchange.xforce.ibmcloud.com/vulnerabilities/96816 • CWE-310: Cryptographic Issues •
CVSS: 2.1EPSS: 0%CPEs: 14EXPL: 0CVE-2014-6123
https://notcve.org/view.php?id=CVE-2014-6123
IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow local users to obtain sensitive credential information by reading installation logs. IBM Rational AppScan Source 8.0 a través de 8.0.0.2 y 8.5 a través de 8.5.0.1 y Security AppScan Source 8.6 a través de 8.6.0.2, 8.7 a través de 8.7.0.1, 8.8, 9.0 a través de 9.0.0.1, y 9.0.1 permite a usuarios locales obtener información sensible de credenciales leyendo logs de instalación. • http://www-01.ibm.com/support/docview.wss?uid=swg21692999 https://exchange.xforce.ibmcloud.com/vulnerabilities/96724 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 1.8EPSS: 0%CPEs: 15EXPL: 0CVE-2014-4812
https://notcve.org/view.php?id=CVE-2014-4812
The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 has an open network port for a debug service, which allows remote attackers to obtain sensitive information by connecting to this port. El instalador en IBM Security AppScan Source 8.x y 9.x hasta 9.0.1 tiene un puerto de red abierta para un servicio de depuración, lo que permite a atacantes remotos obtener información sensible mediante la conexión a este puerto. • http://www-01.ibm.com/support/docview.wss?uid=swg21686844 https://exchange.xforce.ibmcloud.com/vulnerabilities/95388 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •