CVE-2014-4806

EUVD-2014-4725
The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux places a cleartext password in a temporary file, which allows local users to obtain sensitive information by reading this file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Affected Products (NVD)
VendorProductVersion
ibmsecurity_appscan
8.0.0.0 ≤
𝑥
< 8.6.0.2
ibmsecurity_appscan
8.7.0.0 ≤
𝑥
< 8.7.0.1
ibmsecurity_appscan
8.8.0.0 ≤
𝑥
< 8.8.0.1
ibmsecurity_appscan
9.0.0.0 ≤
𝑥
< 9.0.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg21682642
http://www.securityfocus.com/bid/69435
https://exchange.xforce.ibmcloud.com/vulnerabilities/95354
http://www-01.ibm.com/support/docview.wss?uid=swg21682642
http://www.securityfocus.com/bid/69435
https://exchange.xforce.ibmcloud.com/vulnerabilities/95354