Lucene search
+L
IbmRational Appscan

13 matches found

CVE
CVE
added 2012/05/03 1:0 a.m.54 views

CVE-2012-0731

CVE-2012-0731 affects IBM Rational AppScan Enterprise 5.x and 8.x prior to 8.5.0.1. The root cause is failure to prevent service-account impersonation, which could allow remote authenticated users to read arbitrary files through unspecified vectors. The known impact is read access to arbitrary fi...

6.8CVSS6.2AI score0.01281EPSS
CVE
CVE
added 2011/10/30 10:0 a.m.51 views

CVE-2011-1367

CVE-2011-1367 concerns IBM Rational AppScan Standard/Express (versions 7.8.x, 7.9.x, and 8.0.x before 8.0.0.3). The vulnerability is described as an unspecified issue in the File Load feature that allows remote attackers to execute arbitrary commands via a crafted .scan file. Connected sources re...

9.3CVSS7.6AI score0.03628EPSS
CVE
CVE
added 2012/05/03 1:0 a.m.51 views

CVE-2012-0734

IBM Rational AppScan Enterprise 5.x and 8.x prior to 8.5.0.1 are affected by an issue where jobs import is not handled correctly, allowing a man-in-the-middle to obtain sensitive information or cause unspecified impact via a crafted job. The vulnerability is described in CVE-2012-0734 with a CVSS...

7.6CVSS6.7AI score0.01303EPSS
CVE
CVE
added 2012/05/03 1:0 a.m.50 views

CVE-2012-0730

CVE-2012-0730 affects IBM Rational AppScan Enterprise 5.x and 8.x prior to 8.5.0.1. The issue is a cross-site request forgery (CSRF) that enables remote attackers to hijack administrator authentication and perform requests that create additional administrative accounts. This is described across m...

6CVSS7.2AI score0.00536EPSS
CVE
CVE
added 2012/05/03 1:0 a.m.48 views

CVE-2012-0736

IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 are affected by a vulnerability where improper scan job creation allows a remote attacker to execute arbitrary code via a crafted web site. The issue stems from incorrect scan job creation logic. A patch is available: upgrade to IBM Ratio...

9.3CVSS7.7AI score0.02892EPSS
CVE
CVE
added 2009/03/24 2:0 p.m.46 views

CVE-2009-1056

IBM Rational AppScan Enterprise prior to 5.5 FP1 is affected by CVE-2009-1056, where remote attackers can read arbitrary exported reports by forcefully browsing. Affected software is stated as IBM Rational AppScan Enterprise before 5.5 FP1; root cause is not elaborated beyond the ability to read ...

5CVSS6.7AI score0.01442EPSS
CVE
CVE
added 2009/10/22 3:26 p.m.46 views

CVE-2009-3745

CVE-2009-3745 is a cross-site scripting (XSS) vulnerability affecting IBM Rational AppScan Enterprise Edition 5.5.0.2, exposed via the help pages. The issue arises from improper handling of user-supplied input in the query string, allowing remote attackers to inject arbitrary web script or HTML. ...

4.3CVSS5.5AI score0.01285EPSS
CVE
CVE
added 2012/05/03 1:0 a.m.44 views

CVE-2012-0733

CVE-2012-0733 affects IBM Rational AppScan Enterprise versions 5.x and 8.x prior to 8.5.0.1. When Integrated Windows authentication is enabled, remote authenticated users can hijack a session associated with the service account to obtain administrative privileges. The issue is rooted in how sessi...

6CVSS6.4AI score0.01129EPSS
CVE
CVE
added 2012/05/03 1:0 a.m.43 views

CVE-2012-0735

IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 are affected by CVE-2012-0735 due to improper scanning of file: URLs, which can allow a man-in-the-middle to obtain sensitive information via a crafted URI. The impact is information disclosure and potential unspecified additional impact....

7.6CVSS6.7AI score0.01303EPSS
CVE
CVE
added 2012/05/03 1:0 a.m.43 views

CVE-2012-0737

CVE-2012-0737 describes a cross-site scripting (XSS) vulnerability in IBM Rational AppScan Enterprise, impacting versions 5.x and 8.x before 8.5.0.1. The flaw allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. The provided documents do not specify th...

3.5CVSS5.2AI score0.00946EPSS
CVE
CVE
added 2011/10/30 10:0 a.m.42 views

CVE-2011-1366

CVE-2011-1366 affects IBM Rational AppScan Enterprise and AppScan Reporting Console versions 5.2 through 7.9.x and 8.x prior to 8.0.1.1. The issue is described as an unspecified vulnerability in the Import feature that lets remote attackers execute arbitrary commands on an agent server via a craf...

8.8CVSS7.6AI score0.02034EPSS
CVE
CVE
added 2012/05/03 1:0 a.m.40 views

CVE-2012-0729

The CVE concerns an unrestricted file upload in IBM Rational AppScan Enterprise (versions 5.x and 8.x prior to 8.5.0.1). The underlying issue allows remote authenticated users to upload a .aspx file and subsequently access it through unspecified vectors to execute arbitrary ASP.NET code. Affected...

6CVSS7.2AI score0.01067EPSS
CVE
CVE
added 2012/05/03 1:0 a.m.38 views

CVE-2012-0732

IBM Rational AppScan Enterprise’s Enterprise Console client (versions 5.x and 8.x prior to 8.5.0.1) does not verify X.509 certificates from SSL servers, enabling man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Impact is information disclosu...

5.8CVSS5.8AI score0.00642EPSS