CVE-2014-4806

MEDIUM Year: 2014
CVSS v3 Score
5.5
Medium
CVSS v2 Score
2.1
Low
Weakness Type
CWE-522
View all →

Vulnerability Description

The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux places a cleartext password in a temporary file, which allows local users to obtain sensitive information by reading this file.

Related Vulnerabilities

CVE-2010-4178

MEDIUM
CVSS:5.5(Medium)

MySQL-GUI-tools (mysql-administrator) leaks passwords into process list after with launch of mysql text console

CWE-5222010

CVE-2012-5527

MEDIUM
CVSS:5.5(Medium)

Claws Mail vCalendar plugin: credentials exposed on interface

CWE-5222012

CVE-2013-4423

MEDIUM
CVSS:5.5(Medium)

CloudForms stores user passwords in recoverable format

CWE-5222013

CVE-2014-0241

MEDIUM
CVSS:5.5(Medium)

rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable

CWE-5222014

CVE-2014-1423

MEDIUM
CVSS:5.5(Medium)

signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oath tokens due to incorrect checks and the missing installation of the sig...

CWE-5222014

CVE-2014-4659

MEDIUM
CVSS:5.5(Medium)

Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "de...

CWE-5222014