Cleartext Password Exposure in IBM Security AppScan Enterprise Installation Process

Cleartext Password Exposure in IBM Security AppScan Enterprise Installation Process

CVE-2014-4806 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux places a cleartext password in a temporary file, which allows local users to obtain sensitive information by reading this file.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.