CVE-2014-0904

IBM Security AppScan Standard 7.9-8.8 - Remote Code Execution via Unsigned Update File

Title source: llm
STIX 2.1

Description

The update process in IBM Security AppScan Standard 7.9 through 8.8 does not require integrity checks of downloaded files, which allows remote attackers to execute arbitrary code via a crafted file.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21666775
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/91536

Scores

EPSS 0.0305
EPSS Percentile 86.0%

Details

CWE
CWE-20
Status published
Products (6)
ibm/security_appscan 7.9
ibm/security_appscan 8.0
ibm/security_appscan 8.5
ibm/security_appscan 8.6
ibm/security_appscan 8.7
ibm/security_appscan 8.8
Published Mar 26, 2014
Tracked Since Feb 18, 2026