CVE-2014-4806
Summary
| CVE | CVE-2014-4806 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-08-29 09:55:00 UTC |
| Updated | 2021-06-11 14:47:00 UTC |
| Description | The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux places a cleartext password in a temporary file, which allows local users to obtain sensitive information by reading this file. |
Risk And Classification
Problem Types: CWE-522
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | IBM | Security AppScan | All | All | All | All |
| Application | IBM | Security AppScan | 8.0.0.0 | - | enterprise | All |
| Application | IBM | Security AppScan | 8.0.0.1 | - | enterprise | All |
| Application | IBM | Security AppScan | 8.0.0.2 | - | enterprise | All |
| Application | IBM | Security AppScan | 8.0.1.0 | - | enterprise | All |
| Application | IBM | Security AppScan | 8.0.1.1 | - | enterprise | All |
| Application | IBM | Security AppScan | 8.0.11 | - | enterprise | All |
| Application | IBM | Security AppScan | 8.5.0.0 | - | enterprise | All |
| Application | IBM | Security AppScan | 8.5.0.1 | - | enterprise | All |
| Application | IBM | Security AppScan | 8.6.0.0 | - | enterprise | All |
| Application | IBM | Security AppScan | 8.6.0.1 | - | enterprise | All |
| Application | IBM | Security AppScan | 8.6.0.2 | - | enterprise | All |
| Application | IBM | Security AppScan | 8.7.0.0 | - | enterprise | All |
| Application | IBM | Security AppScan | 8.7.0.1 | - | enterprise | All |
| Application | IBM | Security AppScan | 8.8.0.0 | - | enterprise | All |
| Application | IBM | Security AppScan | 8.8.0.1 | - | enterprise | All |
| Application | IBM | Security AppScan | 9.0.0.0 | All | All | All |
| Application | IBM | Security AppScan | 9.0.0.0 | - | enterprise | All |
| Application | IBM | Security AppScan | 9.0.0.1 | - | enterprise | All |
| Operating System | Linux | Linux Kernel | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| IBM notice: The page you requested cannot be displayed | CONFIRM | www-01.ibm.com | Vendor Advisory |
| IBM Security AppScan Enterprise CVE-2014-4806 Information Disclosure Vulnerability | BID | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.