CVSS 5.5 · MEDIUM
CVE-2014-4806
The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux places a cleartext password in a temporary file, which allows local users to obtain sensitive information by reading this file.
View on NVDSeverity
Score: 5.5(MEDIUM)
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NAV: LOCAL
AC: LOW
PR: LOW
UI: NONE
S: UNCHANGED
C: HIGH
I: NONE
A: NONE
Weakness (CWE):
CWE-522EPSS
Probability of exploitation (next 30 days): 0.0006 (0.1%)
Percentile: 18.0%
EPSS: 2026-05-06
Affects
ibm:security_appscanlinux:linux_kernelTechnical description
The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux places a cleartext password in a temporary file, which allows local users to obtain sensitive information by reading this file.
Published: 8/29/2014, 9:55:08 AM
Last modified: 5/6/2026, 10:30:45 PM
References
- http://www-01.ibm.com/support/docview.wss?uid=swg21682642
- http://www.securityfocus.com/bid/69435
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95354
- http://www-01.ibm.com/support/docview.wss?uid=swg21682642
- http://www.securityfocus.com/bid/69435
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95354