Vulnerability Description
IBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly restricted for the configured database server, transmits cleartext assessment data, which allows remote attackers to obtain sensitive information by sniffing the network.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Security Appscan Source | 8.0 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg21674750Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/92317
- http://www-01.ibm.com/support/docview.wss?uid=swg21674750Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/92317
FAQ
What is CVE-2014-0936?
CVE-2014-0936 is a vulnerability with a CVSS score of 4.3 (MEDIUM). IBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly restricted for the configured database server, transmits cleartext assessment data, which allows rem...
How severe is CVE-2014-0936?
CVE-2014-0936 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0936?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Security Appscan Source.