CVSS: 10.0EPSS: 4%CPEs: 14EXPL: 0CVE-2014-6120
https://notcve.org/view.php?id=CVE-2014-6120
12 Apr 2018 — IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow remote attackers to execute arbitrary commands on the installation server via unspecified vectors. IBM X-Force ID: 96721. IBM Rational AppScan Source 8.0 hasta la versión 8.0.0.2 y 8.5 hasta la versión 8.5.0.1; y Security AppScan Source 8.6 hasta la versión 8.6.0.2, 8.7 hasta la versión 8.7.0.1, 8.8, 9.0 hasta la versión 9.0.0... • https://exchange.xforce.ibmcloud.com/vulnerabilities/96721 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2014-6123
https://notcve.org/view.php?id=CVE-2014-6123
29 Dec 2014 — IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow local users to obtain sensitive credential information by reading installation logs. IBM Rational AppScan Source 8.0 a través de 8.0.0.2 y 8.5 a través de 8.5.0.1 y Security AppScan Source 8.6 a través de 8.6.0.2, 8.7 a través de 8.7.0.1, 8.8, 9.0 a través de 9.0.0.1, y 9.0.1 permite a usuarios locales obtener información sens... • http://www-01.ibm.com/support/docview.wss?uid=swg21692999 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2014-4812
https://notcve.org/view.php?id=CVE-2014-4812
26 Oct 2014 — The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 has an open network port for a debug service, which allows remote attackers to obtain sensitive information by connecting to this port. El instalador en IBM Security AppScan Source 8.x y 9.x hasta 9.0.1 tiene un puerto de red abierta para un servicio de depuración, lo que permite a atacantes remotos obtener información sensible mediante la conexión a este puerto. • http://www-01.ibm.com/support/docview.wss?uid=swg21686844 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2014-3072
https://notcve.org/view.php?id=CVE-2014-3072
12 Aug 2014 — Unspecified vulnerability in the Automation Server in IBM Security AppScan Source 8 through 8.0.0.2, 8.5 through 8.5.0.1, 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, and 9.0 through 9.0.0.1 allows local users to gain privileges by executing a crafted service. Vulnerabilidad no especificada en Automation Server en IBM Security AppScan Source 8 hasta 8.0.0.2, 8.5 hasta 8.5.0.1, 8.6 hasta 8.6.0.2, 8.7 hasta 8.7.0.1, 8.8, y 9.0 hasta 9.0.0.1 permite a usuarios locales ganar privilegios mediante la ejecución ... • http://www-01.ibm.com/support/docview.wss?uid=swg21680537 •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2014-0936
https://notcve.org/view.php?id=CVE-2014-0936
08 Jun 2014 — IBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly restricted for the configured database server, transmits cleartext assessment data, which allows remote attackers to obtain sensitive information by sniffing the network. IBM Security AppScan Source 8.0 hasta 9.0, cuando permiso 'publicar asesoramiento' no está restringido debidamente para el servidor de base de datos configurado, transmite datos de asesoramiento en texto claro, lo que permite a atacantes rem... • http://www-01.ibm.com/support/docview.wss?uid=swg21674750 • CWE-264: Permissions, Privileges, and Access Controls CWE-310: Cryptographic Issues •