Skip to main content

Security Appscan Source CVE-2016-3035

MEDIUM
Information Exposure (CWE-200)
2017-02-01 psirt@us.ibm.com
5.3
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 01, 2017 - 20:59 cve.org
MEDIUM 5.3

DescriptionCVE.org

IBM AppScan Source could reveal some sensitive information through the browsing of testlinks on the server.

AnalysisAI

IBM AppScan Source could reveal some sensitive information through the browsing of testlinks on the server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. IBM AppScan Source could reveal some sensitive information through the browsing of testlinks on the server. Affected products include: Ibm Security Appscan Source.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2014-6119 CRITICAL
9.3 Dec 23

IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.

CVE-2014-3072 HIGH
7.2 Aug 12

Unspecified vulnerability in the Automation Server in IBM Security AppScan Source 8 through 8.0.0.2, 8.5 through 8.5.0.1

CVE-2012-2159 MEDIUM
5.8 Jun 20

Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before

CVE-2014-6122 MEDIUM
5.5 Dec 23

IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.

CVE-2012-2173 MEDIUM
5.0 Jun 20

The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 sends an SHA-1 hash of the connection password dur

CVE-2016-3034 MEDIUM
4.4 Feb 01

IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local a

CVE-2012-2161 MEDIUM
4.3 Jun 20

Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Eclipse Help System (IEHS), as used in IBM Security

CVE-2014-6135 MEDIUM
4.3 Dec 23

IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.

CVE-2014-0936 MEDIUM
4.3 Jun 08

IBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly restricted for the c

CVE-2014-6121 LOW
3.5 Dec 23

Cross-site scripting (XSS) vulnerability in IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix

CVE-2014-6123 LOW
2.1 Dec 29

IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2,

CVE-2014-4812 LOW
1.8 Oct 26

The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 has an open network port for a debug service, whi

Share

CVE-2016-3035 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy