CVE-2014-4806

MEDIUM

IBM Security AppScan Enterprise <9.0.0.1 - Info Disclosure

Title source: llm

Description

The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux places a cleartext password in a temporary file, which allows local users to obtain sensitive information by reading this file.

References (3)

Scores

CVSS v3 5.5
EPSS 0.0006
EPSS Percentile 18.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE
CWE-522
Status draft

Affected Products (1)

ibm/security_appscan < 8.6.0.2

Timeline

Published Aug 29, 2014
Tracked Since Feb 18, 2026