Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.8
CVE Id CVE-2014-8918
Last Modified 02 Feb 2015 10:57:37
Published 01 Feb 2015 08:59:04
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-8918

Summary

IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Vulnerable Systems

Application

  • IBM Security AppScan 8.0.0.0

  • IBM Security AppScan 8.0.0.1

  • IBM Security AppScan 8.0.0.2

  • IBM Security AppScan 8.0.0.3

  • IBM Security AppScan 8.5.0.0

  • IBM Security AppScan 8.5.0.1

  • IBM Security AppScan 8.6.0.0

  • IBM Security AppScan 8.6.0.1

  • IBM Security AppScan 8.7.0.0

  • IBM Security AppScan 8.7.0.1

  • IBM Security AppScan 8.8.0.0

  • IBM Security AppScan 9.0.0.0

  • IBM Security AppScan 9.0.0.1

  • IBM Security AppScan 9.0.1.0

  • IBM Security AppScan 9.0.1.1


References

XF - ibm-appscan-cve20148918-sec-bypass(99304)

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21695170


Last Updated: 27 May 2016 11:07:40