CVE-2013-3989

IBM Security AppScan Enterprise 8.x before 8.8 sends a cleartext AppScan Source database password in a response, which allows remote authenticated users to obtain sensitive information, and subsequently conduct man-in-the-middle attacks, by examining the response content.

Affected Software

Name	Vendor	Start Version	End Version
Security_appscan	Ibm	8.0.0.0 (including)	8.0.0.0 (including)
Security_appscan	Ibm	8.0.0.1 (including)	8.0.0.1 (including)
Security_appscan	Ibm	8.0.0.2 (including)	8.0.0.2 (including)
Security_appscan	Ibm	8.0.1.0 (including)	8.0.1.0 (including)
Security_appscan	Ibm	8.0.1.1 (including)	8.0.1.1 (including)
Security_appscan	Ibm	8.0.11 (including)	8.0.11 (including)
Security_appscan	Ibm	8.5.0.0 (including)	8.5.0.0 (including)
Security_appscan	Ibm	8.5.0.1 (including)	8.5.0.1 (including)
Security_appscan	Ibm	8.6.0.0 (including)	8.6.0.0 (including)
Security_appscan	Ibm	8.6.0.1 (including)	8.6.0.1 (including)
Security_appscan	Ibm	8.6.0.2 (including)	8.6.0.2 (including)
Security_appscan	Ibm	8.7.0.0 (including)	8.7.0.0 (including)
Security_appscan	Ibm	8.7.0.1 (including)	8.7.0.1 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-3989
CWE	https://cwe.mitre.org/data/definitions/310.html

Affected Software

References