Vulnerability Description
The update process in IBM Security AppScan Standard 7.9 through 8.8 does not require integrity checks of downloaded files, which allows remote attackers to execute arbitrary code via a crafted file.
CVSS Score
7.6
HIGH
AV:N/AC:H/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Security Appscan | 7.9 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg21666775Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91536
- http://www-01.ibm.com/support/docview.wss?uid=swg21666775Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91536
FAQ
What is CVE-2014-0904?
CVE-2014-0904 is a vulnerability with a CVSS score of 7.6 (HIGH). The update process in IBM Security AppScan Standard 7.9 through 8.8 does not require integrity checks of downloaded files, which allows remote attackers to execute arbitrary code via a crafted file.
How severe is CVE-2014-0904?
CVE-2014-0904 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0904?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Security Appscan.