IBM Security AppScan Enterprise 8.x before 8.8 sends a cleartext AppScan Source database password in a response, which allows remote authenticated users to obtain sensitive information, and subsequently conduct man-in-the-middle attacks, by examining the response content.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Security_appscan | Ibm | 8.0.0.0 (including) | 8.0.0.0 (including) |
Security_appscan | Ibm | 8.0.0.1 (including) | 8.0.0.1 (including) |
Security_appscan | Ibm | 8.0.0.2 (including) | 8.0.0.2 (including) |
Security_appscan | Ibm | 8.0.1.0 (including) | 8.0.1.0 (including) |
Security_appscan | Ibm | 8.0.1.1 (including) | 8.0.1.1 (including) |
Security_appscan | Ibm | 8.0.11 (including) | 8.0.11 (including) |
Security_appscan | Ibm | 8.5.0.0 (including) | 8.5.0.0 (including) |
Security_appscan | Ibm | 8.5.0.1 (including) | 8.5.0.1 (including) |
Security_appscan | Ibm | 8.6.0.0 (including) | 8.6.0.0 (including) |
Security_appscan | Ibm | 8.6.0.1 (including) | 8.6.0.1 (including) |
Security_appscan | Ibm | 8.6.0.2 (including) | 8.6.0.2 (including) |
Security_appscan | Ibm | 8.7.0.0 (including) | 8.7.0.0 (including) |
Security_appscan | Ibm | 8.7.0.1 (including) | 8.7.0.1 (including) |