CVE-2014-4812

The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 has an open network port for a debug service, which allows remote attackers to obtain sensitive information by connecting to this port.

CVSS v2.0 1.8 LOW

1.8^/10

CVSS v2.0 : LOW

Vector : AV:A/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 3.2 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21686844	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/95388

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:security_appscan_source:8.0:::::::*
	cpe:2.3:a:ibm:security_appscan_source:8.0.0.1:::::::*
	cpe:2.3:a:ibm:security_appscan_source:8.0.0.2:::::::*
	cpe:2.3:a:ibm:security_appscan_source:8.5:::::::*
	cpe:2.3:a:ibm:security_appscan_source:8.5.0.1:::::::*
	cpe:2.3:a:ibm:security_appscan_source:8.6:::::::*
	cpe:2.3:a:ibm:security_appscan_source:8.6.0.1:::::::*
	cpe:2.3:a:ibm:security_appscan_source:8.6.0.2:::::::*
	cpe:2.3:a:ibm:security_appscan_source:8.7:::::::*
	cpe:2.3:a:ibm:security_appscan_source:8.7.0.0:::::::*
	cpe:2.3:a:ibm:security_appscan_source:8.7.0.1:::::::*
	cpe:2.3:a:ibm:security_appscan_source:8.8:::::::*
	cpe:2.3:a:ibm:security_appscan_source:9.0:::::::*
	cpe:2.3:a:ibm:security_appscan_source:9.0.0.1:::::::*
	cpe:2.3:a:ibm:security_appscan_source:9.0.1:::::::*

History

No history.

Information

Published : 2014-10-26 18:55

Updated : 2024-02-04 18:35

NVD link : CVE-2014-4812

Mitre link : CVE-2014-4812

CVE.ORG link : CVE-2014-4812

JSON object : View

Products Affected

ibm

security_appscan_source

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2014-4812", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.8, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:H/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.2, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-10-26T18:55:05.033", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686844", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95388", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 has an open network port for a debug service, which allows remote attackers to obtain sensitive information by connecting to this port."}, {"lang": "es", "value": "El instalador en IBM Security AppScan Source 8.x y 9.x hasta 9.0.1 tiene un puerto de red abierta para un servicio de depuraci\u00f3n, lo que permite a atacantes remotos obtener informaci\u00f3n sensible mediante la conexi\u00f3n a este puerto."}], "lastModified": "2017-08-29T01:35:08.233", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3EC310D-7C7F-4B5A-AFFC-58A38B67A0CA"}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66B37DEF-109F-4769-901C-DD8B33DEA054"}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.0.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FA1883D-1576-43B9-904A-536C0C249112"}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6990B7A5-3C72-494B-A512-23E508B71CE4"}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBE84BDC-3AC4-4BD2-9BF8-3C6C5E1DCF56"}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C721146-29F1-4785-B6D6-D43389B6CD2D"}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.6.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01378605-9438-4967-82CD-1849FADD3C60"}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.6.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0650525D-E729-4354-A882-7A30D366D629"}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B205BA6C-A211-4D1D-B342-598B3057B642"}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.7.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B7AF5D9-1133-4B13-88F5-3236A749974C"}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.7.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1D7784D-5DAA-455F-84D1-E97F6BD2357E"}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E024F44-EC78-472F-B186-DF5E882D1217"}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F890EA4-7122-4AD1-B0C2-1F6D8B67D021"}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:9.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A675CE2C-9B2D-43A2-BAC5-C7644F1E08CD"}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:9.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CDCE5EF-CD70-4B37-818F-226BDC458233"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}