Rational Appscan Security Vulnerabilities and Issues — Rational Appscan CVE List

Lucene search

IbmRational Appscan

13 matches found

CVE•added 2011/10/30 10:55 a.m.•37 views

CVE-2011-1367

Unspecified vulnerability in the File Load feature in IBM Rational AppScan Standard and Express 7.8.x, 7.9.x, and 8.0.x before 8.0.0.3 allows remote attackers to execute arbitrary commands via a crafted .scan file.

9.3CVSS7.6AI score0.01151EPSS

CVE•added 2012/05/03 4:8 a.m.•37 views

CVE-2012-0730

Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allow remote attackers to hijack the authentication of administrators for requests that create administrative accounts.

6CVSS7.2AI score0.00124EPSS

CVE•added 2009/03/24 2:30 p.m.•36 views

CVE-2009-1056

IBM Rational AppScan Enterprise before 5.5 FP1 allows remote attackers to read arbitrary exported reports by "forcefully browsing."

5CVSS6.7AI score0.00503EPSS

CVE•added 2012/05/03 4:8 a.m.•36 views

CVE-2012-0736

IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly create scan jobs, which allows remote attackers to execute arbitrary code via a crafted web site.

9.3CVSS7.7AI score0.03831EPSS

CVE•added 2012/05/03 4:8 a.m.•33 views

CVE-2012-0733

IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a session associated with the service account.

6CVSS6.4AI score0.00411EPSS

CVE•added 2012/05/03 4:8 a.m.•33 views

CVE-2012-0734

IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly import jobs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted job.

7.6CVSS6.7AI score0.00516EPSS

CVE•added 2011/10/30 10:55 a.m.•32 views

CVE-2011-1366

Unspecified vulnerability in the Import feature in IBM Rational AppScan Enterprise and AppScan Reporting Console 5.2 through 7.9.x and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary commands on an agent server via a crafted ZIP archive.

8.8CVSS7.6AI score0.00945EPSS

CVE•added 2012/05/03 4:8 a.m.•32 views

CVE-2012-0731

IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not prevent service-account impersonation, which allows remote authenticated users to read arbitrary files via unspecified vectors.

6.8CVSS6.2AI score0.00275EPSS

CVE•added 2009/10/22 4:0 p.m.•31 views

CVE-2009-3745

Cross-site scripting (XSS) vulnerability in the help pages in IBM Rational AppScan Enterprise Edition 5.5.0.2 allows remote attackers to inject arbitrary web script or HTML via the query string.

4.3CVSS5.5AI score0.00463EPSS

CVE•added 2012/05/03 4:8 a.m.•31 views

CVE-2012-0735

IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted URI.

7.6CVSS6.7AI score0.00516EPSS

CVE•added 2012/05/03 4:8 a.m.•27 views

CVE-2012-0729

Unrestricted file upload vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to execute arbitrary ASP.NET code by uploading a .aspx file, and then accessing it via unspecified vectors.

6CVSS7.2AI score0.0048EPSS

CVE•added 2012/05/03 4:8 a.m.•27 views

CVE-2012-0732

The Enterprise Console client in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.8CVSS5.8AI score0.00181EPSS

CVE•added 2012/05/03 4:8 a.m.•27 views

CVE-2012-0737

Cross-site scripting (XSS) vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5CVSS5.2AI score0.00208EPSS