CVE-2014-3072

Unspecified vulnerability in the Automation Server in IBM Security AppScan Source 8 through 8.0.0.2, 8.5 through 8.5.0.1, 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, and 9.0 through 9.0.0.1 allows local users to gain privileges by executing a crafted service.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21680537	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/93787
http://www-01.ibm.com/support/docview.wss?uid=swg21680537	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/93787

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:security_appscan_source:8.0:::::::*
	cpe:2.3:a:ibm:security_appscan_source:8.0.0.1:::::::*
	cpe:2.3:a:ibm:security_appscan_source:8.0.0.2:::::::*
	cpe:2.3:a:ibm:security_appscan_source:8.5:::::::*
	cpe:2.3:a:ibm:security_appscan_source:8.5.0.1:::::::*
	cpe:2.3:a:ibm:security_appscan_source:8.6:::::::*
	cpe:2.3:a:ibm:security_appscan_source:8.6.0.1:::::::*
	cpe:2.3:a:ibm:security_appscan_source:8.6.0.2:::::::*
	cpe:2.3:a:ibm:security_appscan_source:8.7.0.0:::::::*
	cpe:2.3:a:ibm:security_appscan_source:8.7.0.1:::::::*
	cpe:2.3:a:ibm:security_appscan_source:8.8:::::::*
	cpe:2.3:a:ibm:security_appscan_source:9.0:::::::*
	cpe:2.3:a:ibm:security_appscan_source:9.0.0.1:::::::*

History

No history.

Information

Published : 2014-08-12 14:55

Updated : 2025-04-12 10:46

NVD link : CVE-2014-3072

Mitre link : CVE-2014-3072

CVE.ORG link : CVE-2014-3072

JSON object : View

Products Affected

ibm

security_appscan_source

CWE

NVD-CWE-noinfo

{"id": "CVE-2014-3072", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-08-12T14:55:03.900", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680537", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93787", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680537", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93787", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Automation Server in IBM Security AppScan Source 8 through 8.0.0.2, 8.5 through 8.5.0.1, 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, and 9.0 through 9.0.0.1 allows local users to gain privileges by executing a crafted service."}, {"lang": "es", "value": "Vulnerabilidad no especificada en Automation Server en IBM Security AppScan Source 8 hasta 8.0.0.2, 8.5 hasta 8.5.0.1, 8.6 hasta 8.6.0.2, 8.7 hasta 8.7.0.1, 8.8, y 9.0 hasta 9.0.0.1 permite a usuarios locales ganar privilegios mediante la ejecuci\u00f3n de un servicio manipulado."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3EC310D-7C7F-4B5A-AFFC-58A38B67A0CA"}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66B37DEF-109F-4769-901C-DD8B33DEA054"}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.0.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FA1883D-1576-43B9-904A-536C0C249112"}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6990B7A5-3C72-494B-A512-23E508B71CE4"}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBE84BDC-3AC4-4BD2-9BF8-3C6C5E1DCF56"}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C721146-29F1-4785-B6D6-D43389B6CD2D"}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.6.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01378605-9438-4967-82CD-1849FADD3C60"}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.6.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0650525D-E729-4354-A882-7A30D366D629"}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.7.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B7AF5D9-1133-4B13-88F5-3236A749974C"}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.7.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1D7784D-5DAA-455F-84D1-E97F6BD2357E"}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E024F44-EC78-472F-B186-DF5E882D1217"}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F890EA4-7122-4AD1-B0C2-1F6D8B67D021"}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:9.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A675CE2C-9B2D-43A2-BAC5-C7644F1E08CD"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}