Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2173

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-2173
Last Modified 20 Jun 2012 12:00:00
Published 20 Jun 2012 06:27:28
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-2173

Summary

The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 sends an SHA-1 hash of the connection password during connections to a solidDB database, which allows remote attackers to obtain sensitive information by sniffing the network.

Vulnerable Systems

Application

  • Ibm Security Appscan Source 7.0

  • Ibm Security Appscan Source 8.0

  • Ibm Security Appscan Source 8.0.0.1

  • Ibm Security Appscan Source 8.0.0.2

  • Ibm Security Appscan Source 8.5

  • Ibm Security Appscan Source 8.5.0.1


References

XF - appscansource-soliddbpass-weak-security(75242)

CONFIRM - http://www.ibm.com/support/docview.wss?uid=swg21598423


Last Updated: 27 May 2016 10:56:32