13 matches found
CVE-2012-0731
CVE-2012-0731 affects IBM Rational AppScan Enterprise 5.x and 8.x prior to 8.5.0.1. The root cause is failure to prevent service-account impersonation, which could allow remote authenticated users to read arbitrary files through unspecified vectors. The known impact is read access to arbitrary fi...
CVE-2011-1367
CVE-2011-1367 concerns IBM Rational AppScan Standard/Express (versions 7.8.x, 7.9.x, and 8.0.x before 8.0.0.3). The vulnerability is described as an unspecified issue in the File Load feature that allows remote attackers to execute arbitrary commands via a crafted .scan file. Connected sources re...
CVE-2012-0734
IBM Rational AppScan Enterprise 5.x and 8.x prior to 8.5.0.1 are affected by an issue where jobs import is not handled correctly, allowing a man-in-the-middle to obtain sensitive information or cause unspecified impact via a crafted job. The vulnerability is described in CVE-2012-0734 with a CVSS...
CVE-2012-0730
CVE-2012-0730 affects IBM Rational AppScan Enterprise 5.x and 8.x prior to 8.5.0.1. The issue is a cross-site request forgery (CSRF) that enables remote attackers to hijack administrator authentication and perform requests that create additional administrative accounts. This is described across m...
CVE-2012-0736
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 are affected by a vulnerability where improper scan job creation allows a remote attacker to execute arbitrary code via a crafted web site. The issue stems from incorrect scan job creation logic. A patch is available: upgrade to IBM Ratio...
CVE-2009-1056
IBM Rational AppScan Enterprise prior to 5.5 FP1 is affected by CVE-2009-1056, where remote attackers can read arbitrary exported reports by forcefully browsing. Affected software is stated as IBM Rational AppScan Enterprise before 5.5 FP1; root cause is not elaborated beyond the ability to read ...
CVE-2009-3745
CVE-2009-3745 is a cross-site scripting (XSS) vulnerability affecting IBM Rational AppScan Enterprise Edition 5.5.0.2, exposed via the help pages. The issue arises from improper handling of user-supplied input in the query string, allowing remote attackers to inject arbitrary web script or HTML. ...
CVE-2012-0733
CVE-2012-0733 affects IBM Rational AppScan Enterprise versions 5.x and 8.x prior to 8.5.0.1. When Integrated Windows authentication is enabled, remote authenticated users can hijack a session associated with the service account to obtain administrative privileges. The issue is rooted in how sessi...
CVE-2012-0735
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 are affected by CVE-2012-0735 due to improper scanning of file: URLs, which can allow a man-in-the-middle to obtain sensitive information via a crafted URI. The impact is information disclosure and potential unspecified additional impact....
CVE-2012-0737
CVE-2012-0737 describes a cross-site scripting (XSS) vulnerability in IBM Rational AppScan Enterprise, impacting versions 5.x and 8.x before 8.5.0.1. The flaw allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. The provided documents do not specify th...
CVE-2011-1366
CVE-2011-1366 affects IBM Rational AppScan Enterprise and AppScan Reporting Console versions 5.2 through 7.9.x and 8.x prior to 8.0.1.1. The issue is described as an unspecified vulnerability in the Import feature that lets remote attackers execute arbitrary commands on an agent server via a craf...
CVE-2012-0729
The CVE concerns an unrestricted file upload in IBM Rational AppScan Enterprise (versions 5.x and 8.x prior to 8.5.0.1). The underlying issue allows remote authenticated users to upload a .aspx file and subsequently access it through unspecified vectors to execute arbitrary ASP.NET code. Affected...
CVE-2012-0732
IBM Rational AppScan Enterprise’s Enterprise Console client (versions 5.x and 8.x prior to 8.5.0.1) does not verify X.509 certificates from SSL servers, enabling man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Impact is information disclosu...