Lucene search
HistoryOct 25, 2013 - 8:55 p.m.
CVE-2013-3989
ibm
security
appscan
enterprise
nvd
cve-2013-3989
database
password
cleartext
remote
authenticated
sensitive information
man-in-the-middle attack
3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
6.1 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
35.1%
IBM Security AppScan Enterprise 8.x before 8.8 sends a cleartext AppScan Source database password in a response, which allows remote authenticated users to obtain sensitive information, and subsequently conduct man-in-the-middle attacks, by examining the response content.
Affected configurations
Node
ibmsecurity_appscanMatch8.0.0.0-enterprise
ORibmsecurity_appscanMatch8.0.0.1-enterprise
ORibmsecurity_appscanMatch8.0.0.2-enterprise
ORibmsecurity_appscanMatch8.0.1.0-enterprise
ORibmsecurity_appscanMatch8.0.1.1-enterprise
ORibmsecurity_appscanMatch8.0.11-enterprise
ORibmsecurity_appscanMatch8.5.0.0-enterprise
ORibmsecurity_appscanMatch8.5.0.1-enterprise
ORibmsecurity_appscanMatch8.6.0.0-enterprise
ORibmsecurity_appscanMatch8.6.0.1-enterprise
ORibmsecurity_appscanMatch8.6.0.2-enterprise
ORibmsecurity_appscanMatch8.7.0.0-enterprise
ORibmsecurity_appscanMatch8.7.0.1-enterprise
Related
nvd
nvd
CVE-2013-3989
2013-10-25 20:55:03
prion
prion
Code injection
2013-10-25 20:55:00
cvelist
cvelist
CVE-2013-3989
2013-10-25 20:00:00
3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
6.1 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
35.1%
Related for CVE-2013-3989