Security Appscan Source Security Vulnerabilities and Issues — Security Appscan Source CVE List

Lucene search

IbmSecurity Appscan Source

4 matches found

CVE•added 2012/06/20 10:27 a.m.•45 views

CVE-2012-2161

Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to inject arbitrary web script or HTML via a crafted UR...

4.3CVSS5.3AI score0.0035EPSS

CVE•added 2017/02/01 8:59 p.m.•38 views

CVE-2016-3034

IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily.

4.4CVSS4.4AI score0.00024EPSS

CVE•added 2014/12/23 2:59 a.m.•35 views

CVE-2014-6135

IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

4.3CVSS6.7AI score0.00246EPSS

CVE•added 2014/06/08 11:55 p.m.•32 views

CVE-2014-0936

IBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly restricted for the configured database server, transmits cleartext assessment data, which allows remote attackers to obtain sensitive information by sniffing the network.

4.3CVSS6.2AI score0.00237EPSS