Lucene search

[email protected]CVE-2012-0738

HistoryDec 28, 2012 - 11:48 a.m.

CVE-2012-0738

2012-12-2811:48:44

CWE-20

[email protected]

web.nvd.nist.gov

ibm

security

appscan

rational

policy tester

x.509

certificate validation

ssl

man-in-the-middle

nvd

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.5 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

36.5%

JSON

IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during scanning, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate.

Affected configurations

NVD

Node

ibmsecurity_appscanMatch6.0.0.0-enterprise

ibmsecurity_appscanMatch6.0.1.0-enterprise

ibmsecurity_appscanMatch6.0.2.0-enterprise

ibmsecurity_appscanMatch6.1.1.0-enterprise

ibmsecurity_appscanMatch8.0.0.0-enterprise

ibmsecurity_appscanMatch8.0.0.1-enterprise

ibmsecurity_appscanMatch8.5.0.0-enterprise

ibmsecurity_appscanMatch8.5.0.1-enterprise

ibmsecurity_appscanMatch8.6.0.0-enterprise

Node

ibmrational_policy_testerRange≤8.5.0.2

ibmrational_policy_testerMatch5.5.0.0

ibmrational_policy_testerMatch5.5.0.1

ibmrational_policy_testerMatch5.5.0.2

ibmrational_policy_testerMatch5.6.0.0

ibmrational_policy_testerMatch5.6.0.1

ibmrational_policy_testerMatch5.6.0.2

ibmrational_policy_testerMatch5.6.0.3

ibmrational_policy_testerMatch8.0.0.0

ibmrational_policy_testerMatch8.0.0.1

ibmrational_policy_testerMatch8.0.0.2

ibmrational_policy_testerMatch8.0.1.0

ibmrational_policy_testerMatch8.0.1.1

ibmrational_policy_testerMatch8.5.0.0

ibmrational_policy_testerMatch8.5.0.1

ibmsecurity_appscanRange≤8.6.0.1-enterprise

CPENameOperatorVersion
ibm:security_appscanibm security appscaneq6.0.0.0
ibm:security_appscanibm security appscaneq6.0.1.0
ibm:security_appscanibm security appscaneq6.0.2.0
ibm:security_appscanibm security appscaneq6.1.1.0
ibm:security_appscanibm security appscaneq8.0.0.0
ibm:security_appscanibm security appscaneq8.0.0.1
ibm:security_appscanibm security appscaneq8.5.0.0
ibm:security_appscanibm security appscaneq8.5.0.1
ibm:security_appscanibm security appscaneq8.6.0.0

CPE	Name	Operator	Version
ibm:security_appscan	ibm security appscan	eq	6.0.0.0
ibm:security_appscan	ibm security appscan	eq	6.0.1.0
ibm:security_appscan	ibm security appscan	eq	6.0.2.0
ibm:security_appscan	ibm security appscan	eq	6.1.1.0
ibm:security_appscan	ibm security appscan	eq	8.0.0.0
ibm:security_appscan	ibm security appscan	eq	8.0.0.1
ibm:security_appscan	ibm security appscan	eq	8.5.0.0
ibm:security_appscan	ibm security appscan	eq	8.5.0.1
ibm:security_appscan	ibm security appscan	eq	8.6.0.0

References

www-01.ibm.com/support/docview.wss?uid=swg21620759

www-01.ibm.com/support/docview.wss?uid=swg21620760

exchange.xforce.ibmcloud.com/vulnerabilities/74578

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.5 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

36.5%

JSON

Related for CVE-2012-0738

cvelist1 prion1 nvd1