IBM Security AppScan Enterprise 8.x prior to 8.8 sends a cleartext AppScan Source database password in a response, which allows remote authenticated users to obtain sensitive information, and subsequently conduct man-in-the-middle attacks, by examining the response content.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm security appscan 8.0.0.0 |
||
ibm security appscan 8.6.0.0 |
||
ibm security appscan 8.6.0.1 |
||
ibm security appscan 8.0.1.0 |
||
ibm security appscan 8.0.1.1 |
||
ibm security appscan 8.0.11 |
||
ibm security appscan 8.7.0.1 |
||
ibm security appscan 8.0.0.1 |
||
ibm security appscan 8.0.0.2 |
||
ibm security appscan 8.6.0.2 |
||
ibm security appscan 8.7.0.0 |
||
ibm security appscan 8.5.0.0 |
||
ibm security appscan 8.5.0.1 |