9 matches found
CVE-2013-0513
CVE-2013-0513 affects IBM Rational AppScan Enterprise (versions 5.6 and 8.x prior to 8.7) and IBM Rational Policy Tester (5.6 and 8.x prior to 8.5.0.4), plus IBM Rational ClearCase/ClearQuest per IBM advisories. The root cause is an unquoted service path created during installation, enabling a lo...
CVE-2013-4061
This CVE (CVE-2013-4061) affects IBM Rational Policy Tester 8.5 prior to 8.5.0.5. The issue is an authorization check failure on changes to the set of authentication hosts, allowing remote authenticated users to perform spoofing attacks via HTTP redirects. Affected product is Rational Policy Test...
CVE-2013-0473
CVE-2013-0473 describes multiple cross-site scripting (XSS) vulnerabilities in IBM Security AppScan Enterprise (versions 5.6 and 8.x prior to 8.7) and IBM Rational Policy Tester (versions 5.6 and 8.x prior to 8.5.0.4). The issue allows remote attackers to inject arbitrary web script or HTML via a...
CVE-2013-0512
CVE-2013-0512 describes a stack-based buffer overflow in the Manual Explore browser plug-in for Firefox used by IBM Security AppScan Enterprise (versions 5.6 and 8.x before 8.7) and IBM Rational Policy Tester (versions 5.6 and 8.x before 8.5.0.4). The vulnerability allows remote attackers to caus...
CVE-2012-0741
IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 fail to validate X.509 certificates when using the Manual Explore Proxy feature, enabling man-in-the-middle attackers to spoof SSL servers with an arbitrary certificate. The CVE describes a vulnerability in S...
CVE-2013-4062
Summary (CVE-2013-4062): IBM Rational Policy Tester 8.5 before 8.5.0.5 fails to verify X.509 certificates from SSL servers, enabling potential man-in-the-middle attacks that could spoof Jazz Team servers, and expose or alter client–server data (confidentiality, integrity, and availability). Affec...
CVE-2013-0532
The CVE-2013-0532 entry describes a CSRF vulnerability in IBM Security AppScan Enterprise (versions 5.6 and 8.x prior to 8.7) and IBM Rational Policy Tester (5.6 and 8.x prior to 8.5.0.4) that allows remote attackers to hijack the authentication of arbitrary users for requests that cause a denial...
CVE-2013-0474
CVE-2013-0474 affects the Manual Explore browser plug-in used with IBM Security AppScan Enterprise (versions 5.6 and 8.x prior to 8.7) and IBM Rational Policy Tester (versions 5.6 and 8.x prior to 8.5.0.4). The vulnerability allows remote attackers to disclose test Platform Authentication credent...
CVE-2012-0738
CVE-2012-0738 affects IBM Security AppScan Enterprise (before 8.6.0.2) and Rational Policy Tester (before 8.5.0.3). The issue is that these products do not validate X.509 certificates during scanning, enabling man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate. The NVD ...