Vulnerability Description
The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux places a cleartext password in a temporary file, which allows local users to obtain sensitive information by reading this file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Security Appscan | >= 8.0.0.0, < 8.6.0.2 |
| Linux | Linux Kernel | All versions |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg21682642Broken Link
- http://www.securityfocus.com/bid/69435Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95354VDB EntryVendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21682642Broken Link
- http://www.securityfocus.com/bid/69435Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95354VDB EntryVendor Advisory
FAQ
What is CVE-2014-4806?
CVE-2014-4806 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux places...
How severe is CVE-2014-4806?
CVE-2014-4806 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-4806?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Security Appscan, Linux Linux Kernel.