CVE-2014-4806
First published: Fri Aug 29 2014(Updated: )
The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux places a cleartext password in a temporary file, which allows local users to obtain sensitive information by reading this file.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Security AppScan | >=8.0.0.0<8.6.0.2 | |
| IBM Security AppScan | >=8.7.0.0<8.7.0.1 | |
| IBM Security AppScan | >=8.8.0.0<8.8.0.1 | |
| IBM Security AppScan | >=9.0.0.0<9.0.0.1 | |
| Linux Linux kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/ibm
- canonical/ibm security appscan
- version/ibm security appscan/8.0.0.0
- version/ibm security appscan/8.7.0.0
- version/ibm security appscan/8.8.0.0
- version/ibm security appscan/9.0.0.0
- vendor/linux
- canonical/linux linux kernel