CVE Vulnerabilities

CVE-2014-8918

Published: Feb 02, 2015 | Modified: Sep 08, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Affected Software

Name Vendor Start Version End Version
Security_appscan Ibm 8.7.0.1 8.7.0.1
Security_appscan Ibm 9.0.0.1 9.0.0.1
Security_appscan Ibm 8.7.0.0 8.7.0.0
Security_appscan Ibm 8.0.0.2 8.0.0.2
Security_appscan Ibm 8.5.0.0 8.5.0.0
Security_appscan Ibm 9.0.1.1 9.0.1.1
Security_appscan Ibm 8.0.0.3 8.0.0.3
Security_appscan Ibm 9.0.1.0 9.0.1.0
Security_appscan Ibm 8.6.0.1 8.6.0.1
Security_appscan Ibm 8.6.0.0 8.6.0.0
Security_appscan Ibm 8.8.0.0 8.8.0.0
Security_appscan Ibm 8.0.0.0 8.0.0.0
Security_appscan Ibm 8.5.0.1 8.5.0.1
Security_appscan Ibm 8.0.0.1 8.0.0.1
Security_appscan Ibm 9.0.0.0 9.0.0.0

References