Vulnerability Name: CVE-2014-6135 (CCN-96815)
Assigned: 2014-12-17
Published: 2014-12-17
Updated: 2017-09-08
Summary: IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Low
  Availability (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Partial
  Availability (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Partial
  Availability (A): None
Vulnerability Type: CWE-20
Vulnerability Consequences: Gain Access
References:
  Source: MITRE Type: CNA
    CVE-2014-6135
  Source: CONFIRM Type: Vendor Advisory
    http://www-01.ibm.com/support/docview.wss?uid=swg21693035
  Source: CCN Type: IBM Security Bulletin 1693035
    Multiple vulnerabilities in AppScan Enterprise (CVE-2014-6135, CVE-2014-6119, CVE-2014-6122, CVE-2014-6121, CVE-2013-2566)
  Source: CCN Type: IBM Security Bulletin 1695170
    AppScan Standard can be affected by multiple vulnerabilities (CVE-2014-6135, CVE-2014-6136, CVE-2014-8918)
  Source: SECTRACK Type: UNKNOWN
    1031427
  Source: XF Type: UNKNOWN
    ibm-appscan-cve20146135-clickjacking(96815)
Vulnerable Configuration:
Configuration 1:
  cpe:/a:ibm:security_appscan:8.5:*:*:*:enterprise:*:*:*
  OR cpe:/a:ibm:security_appscan:8.6:*:*:*:enterprise:*:*:*
  OR cpe:/a:ibm:security_appscan:8.7:*:*:*:enterprise:*:*:*
  OR cpe:/a:ibm:security_appscan:8.8:*:*:*:enterprise:*:*:*
  OR cpe:/a:ibm:security_appscan:9.0:*:*:*:enterprise:*:*:*
  OR cpe:/a:ibm:security_appscan:9.0.0.1:*:*:*:enterprise:*:*:*
  OR cpe:/a:ibm:security_appscan_source:9.0.1:*:*:*:enterprise:*:*:*
Configuration CCN 1:
  cpe:/a:ibm:security_appscan:8.5.0.0:-:enterprise:*:*:*:*:*
  OR cpe:/a:ibm:security_appscan:8.6.0.0:-:enterprise:*:*:*:*:*
  OR cpe:/a:ibm:security_appscan:8.7.0.0:-:enterprise:*:*:*:*:*
  AND cpe:/a:ibm:security_appscan:8.7:-:standard:*:*:*:*:*
  OR cpe:/a:ibm:security_appscan:8.8:-:standard:*:*:*:*:*
  OR cpe:/a:ibm:security_appscan:8.5:-:standard:*:*:*:*:*
  OR cpe:/a:ibm:security_appscan:9.0:*:standard:*:*:*:*:*
  OR cpe:/a:ibm:security_appscan:9.0.1.0:*:standard:*:*:*:*:*
ibm security appscan 8.5
ibm security appscan 8.6
ibm security appscan 8.7
ibm security appscan 8.8
ibm security appscan 9.0
ibm security appscan 9.0.0.1
ibm security appscan source 9.0.1
ibm security appscan 8.5.0.0 -
ibm security appscan 8.6.0.0 -
ibm security appscan 8.7.0.0 -
ibm security appscan 8.7 -
ibm security appscan 8.8 -
ibm security appscan 8.5 -
ibm security appscan 9.0
ibm security appscan 9.0.1.0