Rational Appscan Security Vulnerabilities and Issues — Rational Appscan CVE List

Lucene search

IbmRational Appscan

4 matches found

CVE•added 2012/05/03 4:8 a.m.•37 views

CVE-2012-0730

Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allow remote attackers to hijack the authentication of administrators for requests that create administrative accounts.

6CVSS7.2AI score0.00124EPSS

CVE•added 2012/05/03 4:8 a.m.•33 views

CVE-2012-0733

IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a session associated with the service account.

6CVSS6.4AI score0.00411EPSS

CVE•added 2012/05/03 4:8 a.m.•32 views

CVE-2012-0731

IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not prevent service-account impersonation, which allows remote authenticated users to read arbitrary files via unspecified vectors.

6.8CVSS6.2AI score0.00275EPSS

CVE•added 2012/05/03 4:8 a.m.•27 views

CVE-2012-0729

Unrestricted file upload vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to execute arbitrary ASP.NET code by uploading a .aspx file, and then accessing it via unspecified vectors.

6CVSS7.2AI score0.0048EPSS