Rational Appscan@8.5.0.0 Security Vulnerabilities and Issues — Rational Appscan@8.5.0.0 CVE List

Lucene search

IbmRational Appscan8.5.0.0

9 matches found

CVE•added 2012/05/03 4:8 a.m.•37 views

CVE-2012-0730

Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allow remote attackers to hijack the authentication of administrators for requests that create administrative accounts.

6CVSS7.2AI score0.00124EPSS

CVE•added 2012/05/03 4:8 a.m.•36 views

CVE-2012-0736

IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly create scan jobs, which allows remote attackers to execute arbitrary code via a crafted web site.

9.3CVSS7.7AI score0.03831EPSS

CVE•added 2012/05/03 4:8 a.m.•33 views

CVE-2012-0733

IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a session associated with the service account.

6CVSS6.4AI score0.00411EPSS

CVE•added 2012/05/03 4:8 a.m.•33 views

CVE-2012-0734

IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly import jobs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted job.

7.6CVSS6.7AI score0.00516EPSS

CVE•added 2012/05/03 4:8 a.m.•32 views

CVE-2012-0731

IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not prevent service-account impersonation, which allows remote authenticated users to read arbitrary files via unspecified vectors.

6.8CVSS6.2AI score0.00275EPSS

CVE•added 2012/05/03 4:8 a.m.•31 views

CVE-2012-0735

IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted URI.

7.6CVSS6.7AI score0.00516EPSS

CVE•added 2012/05/03 4:8 a.m.•27 views

CVE-2012-0729

Unrestricted file upload vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to execute arbitrary ASP.NET code by uploading a .aspx file, and then accessing it via unspecified vectors.

6CVSS7.2AI score0.0048EPSS

CVE•added 2012/05/03 4:8 a.m.•27 views

CVE-2012-0732

The Enterprise Console client in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.8CVSS5.8AI score0.00181EPSS

CVE•added 2012/05/03 4:8 a.m.•27 views

CVE-2012-0737

Cross-site scripting (XSS) vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5CVSS5.2AI score0.00208EPSS