Skip to main content

Security Appscan Source CVE-2016-3034

MEDIUM
Inadequate Encryption Strength (CWE-326)
2017-02-01 psirt@us.ibm.com
4.4
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
4.4 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 01, 2017 - 20:59 cve.org
MEDIUM 4.4

DescriptionCVE.org

IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily.

AnalysisAI

IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-326. IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily. Affected products include: Ibm Security Appscan Source.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2014-6119 CRITICAL
9.3 Dec 23

IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.

CVE-2014-3072 HIGH
7.2 Aug 12

Unspecified vulnerability in the Automation Server in IBM Security AppScan Source 8 through 8.0.0.2, 8.5 through 8.5.0.1

CVE-2012-2159 MEDIUM
5.8 Jun 20

Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before

CVE-2014-6122 MEDIUM
5.5 Dec 23

IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.

CVE-2016-3035 MEDIUM
5.3 Feb 01

IBM AppScan Source could reveal some sensitive information through the browsing of testlinks on the server. Rated medium

CVE-2012-2173 MEDIUM
5.0 Jun 20

The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 sends an SHA-1 hash of the connection password dur

CVE-2012-2161 MEDIUM
4.3 Jun 20

Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Eclipse Help System (IEHS), as used in IBM Security

CVE-2014-6135 MEDIUM
4.3 Dec 23

IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.

CVE-2014-0936 MEDIUM
4.3 Jun 08

IBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly restricted for the c

CVE-2014-6121 LOW
3.5 Dec 23

Cross-site scripting (XSS) vulnerability in IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix

CVE-2014-6123 LOW
2.1 Dec 29

IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2,

CVE-2014-4812 LOW
1.8 Oct 26

The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 has an open network port for a debug service, whi

Share

CVE-2016-3034 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy