CVE-2014-0904
IBM Security AppScan Standard 7.9-8.8 - Remote Code Execution via Unsigned Update File
Title source: llmDescription
The update process in IBM Security AppScan Standard 7.9 through 8.8 does not require integrity checks of downloaded files, which allows remote attackers to execute arbitrary code via a crafted file.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21666775
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/91536
Scores
EPSS
0.0305
EPSS Percentile
86.0%
Details
CWE
CWE-20
Status
published
Products (6)
ibm/security_appscan
7.9
ibm/security_appscan
8.0
ibm/security_appscan
8.5
ibm/security_appscan
8.6
ibm/security_appscan
8.7
ibm/security_appscan
8.8
Published
Mar 26, 2014
Tracked Since
Feb 18, 2026