CVE-2016-3034 - OpenCVE

IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Security Appscan Source

Configuration 1 [-]

OR	cpe:2.3:a:ibm:security_appscan_source:9.0.1:::::::*
	cpe:2.3:a:ibm:security_appscan_source:9.0.2:::::::*
	cpe:2.3:a:ibm:security_appscan_source:9.0.3:::::::*

References

Link	Resource
http://www.ibm.com/support/docview.wss?uid=swg21995903	Patch Vendor Advisory
http://www.securityfocus.com/bid/95195	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2017-02-01T20:00:00

Updated: 2017-02-02T10:57:01

Reserved: 2016-03-09T00:00:00

Link: CVE-2016-3034

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-02-01T20:59:00.707

Modified: 2017-02-13T21:21:30.637

Link: CVE-2016-3034

JSON object: View

Redhat Information

No data.

CWE

CWE-326

{"containers": {"cna": {"affected": [{"product": "AppScan Source", "vendor": "IBM Corporation", "versions": [{"status": "affected", "version": "7.0"}, {"status": "affected", "version": "8.0"}, {"status": "affected", "version": "8.0.0.1"}, {"status": "affected", "version": "8.0.0.2"}, {"status": "affected", "version": "8.5"}, {"status": "affected", "version": "8.5.0.1"}, {"status": "affected", "version": "8.6"}, {"status": "affected", "version": "8.7"}, {"status": "affected", "version": "8.8"}, {"status": "affected", "version": "9.0"}, {"status": "affected", "version": "9.0.1"}, {"status": "affected", "version": "8.6.0.2"}, {"status": "affected", "version": "8.6.0.1"}, {"status": "affected", "version": "8.7.0.1"}, {"status": "affected", "version": "9.0.0.1"}, {"status": "affected", "version": "9.0.2"}, {"status": "affected", "version": "9.0.3.2"}, {"status": "affected", "version": "9.0.3"}, {"status": "affected", "version": "9.0.3.1"}, {"status": "affected", "version": "9.0.3.3"}, {"status": "affected", "version": "9.0.3.4"}, {"status": "affected", "version": "9.0.3.5"}]}], "datePublic": "2017-02-01T00:00:00", "descriptions": [{"lang": "en", "value": "IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily."}], "problemTypes": [{"descriptions": [{"description": "Obtain Information", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-02-02T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.ibm.com/support/docview.wss?uid=swg21995903"}, {"name": "95195", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/95195"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-3034", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "AppScan Source", "version": {"version_data": [{"version_value": "7.0"}, {"version_value": "8.0"}, {"version_value": "8.0.0.1"}, {"version_value": "8.0.0.2"}, {"version_value": "8.5"}, {"version_value": "8.5.0.1"}, {"version_value": "8.6"}, {"version_value": "8.7"}, {"version_value": "8.8"}, {"version_value": "9.0"}, {"version_value": "9.0.1"}, {"version_value": "8.6.0.2"}, {"version_value": "8.6.0.1"}, {"version_value": "8.7.0.1"}, {"version_value": "9.0.0.1"}, {"version_value": "9.0.2"}, {"version_value": "9.0.3.2"}, {"version_value": "9.0.3"}, {"version_value": "9.0.3.1"}, {"version_value": "9.0.3.3"}, {"version_value": "9.0.3.4"}, {"version_value": "9.0.3.5"}]}}]}, "vendor_name": "IBM Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Obtain Information"}]}]}, "references": {"reference_data": [{"name": "http://www.ibm.com/support/docview.wss?uid=swg21995903", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21995903"}, {"name": "95195", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95195"}]}}}}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-3034", "datePublished": "2017-02-01T20:00:00", "dateReserved": "2016-03-09T00:00:00", "dateUpdated": "2017-02-02T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:security_appscan_source:9.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0CDCE5EF-CD70-4B37-818F-226BDC458233", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:9.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "47D80C99-97BD-4D74-B146-675B20B0193F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:security_appscan_source:9.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "530DE7A6-01F8-4EB5-A395-A5B592BA100F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily."}, {"lang": "es", "value": "IBM AppScan Source usa un hash unidireccional sin salt para cifrar informaci\u00f3n altamente sensible , lo que podr\u00eda permitir a un atacante local descifrar informaci\u00f3n con mayor facilidad."}], "id": "CVE-2016-3034", "lastModified": "2017-02-13T21:21:30.637", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-02-01T20:59:00.707", "references": [{"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=swg21995903"}, {"source": "psirt@us.ibm.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95195"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-326"}], "source": "nvd@nist.gov", "type": "Primary"}]}