IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily. This only affects information stored in the AppScan Source database for local AppScan Source users. This does not affect users configured in AppScan Enterprise.
CVE(s): CVE-2016-3034
Affected product(s) and affected version(s):
IBM Security AppScan Source 9.0.1, 9.0.2, 9.0.3
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2hTOkNc
X-Force Database: http://ift.tt/2hCkKPZ
from IBM Product Security Incident Response Team http://ift.tt/2hTNYWK
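The weakness this advisory describes, an unsalted one-way hash over stored secrets, is shown here beside a salted slow-KDF alternative, together with an audit check that flags byte-identical digests across accounts. This is an added example, not IBM's code: the advisory does not name the hash AppScan Source uses, so SHA-256, PBKDF2, the iteration count and the sample accounts are assumptions constructed for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os
from collections import defaultdict

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example

# Constructed sample accounts; alice and bob share the same secret.
SAMPLE = {"alice": "Winter2016!", "bob": "Winter2016!", "carol": "x9#Lq2vT"}


def unsalted_hash(secret: str) -> str:
    """Weak pattern: a bare digest, identical for every record holding the same secret."""
    return hashlib.sha256(secret.encode()).hexdigest()


def salted_hash(secret: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Hardened pattern: per-record random salt plus a deliberately slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify(secret: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_hash(secret, salt)
    return hmac.compare_digest(digest, expected)


def shared_digests(store: dict[str, str | bytes]) -> list[list[str]]:
    """Audit check: groups of accounts whose stored digest is byte-identical."""
    groups = defaultdict(list)
    for user, digest in store.items():
        groups[digest].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)


def demo() -> tuple[list[list[str]], list[list[str]]]:
    """Return the duplicate-digest groups for the unsalted and the salted store."""
    weak = {user: unsalted_hash(secret) for user, secret in SAMPLE.items()}
    strong = {user: salted_hash(secret)[1] for user, secret in SAMPLE.items()}
    return shared_digests(weak), shared_digests(strong)


if __name__ == "__main__":
    weak_groups, strong_groups = demo()
    print("unsalted duplicates:", weak_groups, "| salted duplicates:", strong_groups)
```

Duplicate digests in a credential table are a quick indicator that no per-record salt is applied; an empty result does not prove a salt is present when every stored secret happens to be unique.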