PT-2014-6126 · Ibm · Ibm Security Appscan Enterprise
Publicado
2014-08-29
·
Atualizado
2021-06-11
·
CVE-2014-4806
CVSS v2.0
2.1
Baixa
| Vetor | AV:L/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Security AppScan Enterprise versions 8.x through 8.6.0.2 iFix 002
IBM Security AppScan Enterprise versions 8.7.x through 8.7.0.1 iFix 002
IBM Security AppScan Enterprise versions 8.8.x through 8.8.0.1 iFix 001
IBM Security AppScan Enterprise versions 9.0.x through 9.0.0.1
Description
The installation process in IBM Security AppScan Enterprise on Linux places a cleartext password in a temporary file. This allows local users to obtain sensitive information by reading this file.
Recommendations
For versions 8.x through 8.6.0.2 iFix 002, update to 8.6.0.2 iFix 003 or later.
For versions 8.7.x through 8.7.0.1 iFix 002, update to 8.7.0.1 iFix 003 or later.
For versions 8.8.x through 8.8.0.1 iFix 001, update to 8.8.0.1 iFix 002 or later.
For versions 9.0.x through 9.0.0.1, update to 9.0.0.1 iFix 001 or later.
Correção
Insufficiently Protected Credentials
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ibm Security Appscan Enterprise