CVE-2014-6136 — MEDIUM (5.0)

Vulnerability Description

IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 supports unencrypted sessions, which allows remote attackers to obtain sensitive information by sniffing the network.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Ibm	Security Appscan	8.0.0.0

Related Weaknesses (CWE)

CWE-310

References

http://www-01.ibm.com/support/docview.wss?uid=swg21695170Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/96816
http://www-01.ibm.com/support/docview.wss?uid=swg21695170Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/96816

FAQ

What is CVE-2014-6136?

CVE-2014-6136 is a vulnerability with a CVSS score of 5.0 (MEDIUM). IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 supports unencrypted sessions, which allows remote attackers to obtain sensitive information by sniffing the network.

How severe is CVE-2014-6136?

CVE-2014-6136 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-6136?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Security Appscan.