Vulnerabilities > IBM > Security Appscan Source > 8.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-12 | CVE-2014-6120 | Command Injection vulnerability in IBM Rational Appscan Source and Security Appscan Source IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow remote attackers to execute arbitrary commands on the installation server via unspecified vectors. | 10.0 |
| 2014-12-29 | CVE-2014-6123 | Information Exposure vulnerability in IBM Rational Appscan Source and Security Appscan Source IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow local users to obtain sensitive credential information by reading installation logs. | 2.1 |
| 2014-10-26 | CVE-2014-4812 | Information Exposure vulnerability in IBM Security Appscan Source The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 has an open network port for a debug service, which allows remote attackers to obtain sensitive information by connecting to this port. | 1.8 |
| 2014-08-12 | CVE-2014-3072 | Local Privilege Escalation vulnerability in IBM Security AppScan Source Unspecified vulnerability in the Automation Server in IBM Security AppScan Source 8 through 8.0.0.2, 8.5 through 8.5.0.1, 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, and 9.0 through 9.0.0.1 allows local users to gain privileges by executing a crafted service. | 7.2 |
| 2014-06-08 | CVE-2014-0936 | Permissions, Privileges, and Access Controls vulnerability in IBM Security Appscan Source IBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly restricted for the configured database server, transmits cleartext assessment data, which allows remote attackers to obtain sensitive information by sniffing the network. | 4.3 |