Skip to main content

Security Appscan Source

13 CVEs product

Monthly

CVE-2016-3035 MEDIUM PATCH This Month

IBM AppScan Source could reveal some sensitive information through the browsing of testlinks on the server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Appscan Source
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-3034 MEDIUM PATCH This Month

IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Information Disclosure Security Appscan Source
NVD
CVSS 3.0
4.4
EPSS
0.0%
CVE-2014-6123 LOW Monitor

IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow local users to. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Appscan Source Security Appscan Source
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-6135 MEDIUM This Month

IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Security Appscan Security Appscan Source
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-6122 MEDIUM This Month

IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Security Appscan Security Appscan Source
NVD
CVSS 2.0
5.5
EPSS
1.3%
CVE-2014-6121 LOW Monitor

Cross-site scripting (XSS) vulnerability in IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Security Appscan Security Appscan Source
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-6119 CRITICAL Act Now

IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM RCE Code Injection Security Appscan Security Appscan Source
NVD
CVSS 2.0
9.3
EPSS
9.9%
CVE-2014-4812 LOW Monitor

The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 has an open network port for a debug service, which allows remote attackers to obtain sensitive information by connecting to. Rated low severity (CVSS 1.8). No vendor patch available.

IBM Information Disclosure Security Appscan Source
NVD
CVSS 2.0
1.8
EPSS
0.1%
CVE-2014-3072 HIGH PATCH This Week

Unspecified vulnerability in the Automation Server in IBM Security AppScan Source 8 through 8.0.0.2, 8.5 through 8.5.0.1, 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, and 9.0 through 9.0.0.1 allows. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

IBM Information Disclosure Security Appscan Source
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2014-0936 MEDIUM This Month

IBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly restricted for the configured database server, transmits cleartext assessment data, which allows. Rated medium severity (CVSS 4.3). No vendor patch available.

IBM Privilege Escalation Security Appscan Source
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-2173 MEDIUM This Month

The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 sends an SHA-1 hash of the connection password during connections to a solidDB database, which allows remote attackers to obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Appscan Source
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2012-2161 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Security Appscan Source Spss Data Collection
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-2159 MEDIUM This Month

Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect IBM Security Appscan Source Spss Data Collection
NVD
CVSS 2.0
5.8
EPSS
0.2%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM AppScan Source could reveal some sensitive information through the browsing of testlinks on the server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Appscan Source
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Information Disclosure Security Appscan Source
NVD
EPSS 0% CVSS 2.1
LOW Monitor

IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow local users to. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Appscan Source +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Security Appscan +1
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Security Appscan +1
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Cross-site scripting (XSS) vulnerability in IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Security Appscan +1
NVD
EPSS 10% CVSS 9.3
CRITICAL Act Now

IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM RCE Code Injection +2
NVD
EPSS 0% CVSS 1.8
LOW Monitor

The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 has an open network port for a debug service, which allows remote attackers to obtain sensitive information by connecting to. Rated low severity (CVSS 1.8). No vendor patch available.

IBM Information Disclosure Security Appscan Source
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Unspecified vulnerability in the Automation Server in IBM Security AppScan Source 8 through 8.0.0.2, 8.5 through 8.5.0.1, 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, and 9.0 through 9.0.0.1 allows. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

IBM Information Disclosure Security Appscan Source
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly restricted for the configured database server, transmits cleartext assessment data, which allows. Rated medium severity (CVSS 4.3). No vendor patch available.

IBM Privilege Escalation Security Appscan Source
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 sends an SHA-1 hash of the connection password during connections to a solidDB database, which allows remote attackers to obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Appscan Source
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Security Appscan Source +1
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect IBM Security Appscan Source +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy