Lucene search
K
IbmSecurity Appscan

27 matches found

CVE
CVE
added 2013/09/08 4:0 p.m.62 views

CVE-2013-0531

Summary of CVE-2013-0531 : IBM Security AppScan Enterprise (formerly IBM Rational AppScan Enterprise) before 8.7.0.1 uses SSL cipher suites with weak encryption algorithms. This allows remote attackers to sniff network traffic and potentially obtain sensitive information, and can enable man-in-th...

5CVSS6AI score0.00721EPSS
CVE
CVE
added 2016/06/01 3:0 p.m.56 views

CVE-2016-0288

CVE-2016-0288 affects IBM Security AppScan Standard (8.7.x, 8.8.x, and 9.x prior to 9.0.3.2) and Security AppScan Enterprise. The flaw is an XML External Entity (XXE) issue caused by improper handling of XML external entities, allowing remote authenticated users to read arbitrary files by submitt...

6.5CVSS6.1AI score0.01549EPSS
CVE
CVE
added 2013/03/29 10:0 a.m.52 views

CVE-2013-0513

CVE-2013-0513 affects IBM Rational AppScan Enterprise (versions 5.6 and 8.x prior to 8.7) and IBM Rational Policy Tester (5.6 and 8.x prior to 8.5.0.4), plus IBM Rational ClearCase/ClearQuest per IBM advisories. The root cause is an unquoted service path created during installation, enabling a lo...

7.2CVSS8.5AI score0.00334EPSS
CVE
CVE
added 2013/03/29 10:0 a.m.51 views

CVE-2013-0511

CVE-2013-0511 affects IBM Security/AppScan Enterprise 5.6 and 8.x up to 8.7. The vulnerability is described as multiple SQL injection flaws that allow remote authenticated users to execute arbitrary SQL commands via unspecified parameters. The Seebug entry specifies IBM Rational AppScan Enterpris...

6.5CVSS8.1AI score0.00961EPSS
CVE
CVE
added 2017/02/01 8:0 p.m.51 views

CVE-2016-6042

CVE-2016-6042 affects IBM AppScan Enterprise Edition, where remote code execution could occur due to improper handling of objects in memory. An attacker could trigger this by convincing a user to open specially crafted content, executing code in the victim’s context. Exploitation details, affecte...

9.3CVSS7.4AI score0.02618EPSS
CVE
CVE
added 2014/12/23 2:0 a.m.50 views

CVE-2014-6121

The CVE-2014-6121 vulnerability affects IBM Security AppScan Enterprise (versions 8.5 prior to 8.5 IFix 002; 8.6 prior to 8.6 IFix 004; 8.7 prior to 8.7 IFix 004; 8.8 prior to 8.8 iFix 003; 9.0 prior to 9.0.0.1 iFix 003; 9.0.1 prior to 9.0.1 iFix 001). It is a cross-site scripting (XSS) flaw wher...

3.5CVSS5.2AI score0.00936EPSS
CVE
CVE
added 2013/09/08 4:0 p.m.47 views

CVE-2013-2997

CVE-2013-2997 affects IBM Security AppScan Enterprise prior to version 8.7. The issue: upon logout, the session context is not invalidated, enabling session hijacking from an unattended workstation. IBM published advisory 1640352 with a patch/mitigation; upgrading to a fixed version (8.7 or later...

1.7CVSS6.6AI score0.00457EPSS
CVE
CVE
added 2014/12/23 2:0 a.m.47 views

CVE-2014-6119

IBM Security AppScan Enterprise is affected by CVE-2014-6119. The vulnerability allows remote attackers to execute arbitrary code via a crafted executable file inside an archive. Affected versions are: 8.5 before 8.5 IFix 002; 8.6 before 8.6 IFix 004; 8.7 before 8.7 IFix 004; 8.8 before 8.8 iFix ...

9.3CVSS7.7AI score0.03626EPSS
CVE
CVE
added 2014/12/23 2:0 a.m.47 views

CVE-2014-6122

IBM Security AppScan Enterprise versions affected: 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001. An authenticated remote user can write to arbitrary folders via a modified argument ...

5.5CVSS6.9AI score0.01538EPSS
CVE
CVE
added 2014/08/29 10:0 a.m.46 views

CVE-2014-4806

The CVE pertains to IBM Security AppScan Enterprise. On Linux, during installation, a cleartext password is written to a temporary file, enabling local users to read sensitive information. Affected releases include 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 i...

5.5CVSS5AI score0.00264EPSS
CVE
CVE
added 2014/12/23 2:0 a.m.46 views

CVE-2014-6135

CVE-2014-6135 affects IBM Security AppScan Enterprise, specifically versions 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001. The issue allows remote attackers to perform clickjacking ...

4.3CVSS6.7AI score0.01168EPSS
CVE
CVE
added 2013/03/29 10:0 a.m.45 views

CVE-2013-0510

CVE-2013-0510 affects IBM Security AppScan Enterprise 5.6 and 8.x prior to 8.7. A security test built into these versions sends session cookies to a specific external server, enabling MITM attackers to hijack the test account by capturing cookies. The description does not specify affected build d...

4.3CVSS6.5AI score0.00856EPSS
CVE
CVE
added 2013/03/29 10:0 a.m.44 views

CVE-2013-0473

CVE-2013-0473 describes multiple cross-site scripting (XSS) vulnerabilities in IBM Security AppScan Enterprise (versions 5.6 and 8.x prior to 8.7) and IBM Rational Policy Tester (versions 5.6 and 8.x prior to 8.5.0.4). The issue allows remote attackers to inject arbitrary web script or HTML via a...

4.3CVSS5.6AI score0.01148EPSS
CVE
CVE
added 2013/11/13 3:0 p.m.43 views

CVE-2013-5450

CVE-2013-5450 affects IBM Security AppScan Enterprise versions 8.5 through 8.7.0.1 when Jazz authentication is enabled. The root issue is an improperly protected URL that can be leveraged in a man-in-the-middle scenario to obtain sensitive information or modify data by obtaining a session token. ...

4CVSS6.2AI score0.00776EPSS
CVE
CVE
added 2015/02/02 1:0 a.m.43 views

CVE-2014-8918

CVE-2014-8918 affects IBM Security AppScan Standard 8.x and 9.x prior to 9.0.1.1 FP1. The vulnerability arises from improper verification of X.509 certificates from SSL servers, enabling man-in-the-middle attackers to spoof servers and obtain sensitive data via a crafted certificate. Affected pro...

5.8CVSS5.8AI score0.00521EPSS
CVE
CVE
added 2012/12/28 11:0 a.m.42 views

CVE-2012-0741

IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 fail to validate X.509 certificates when using the Manual Explore Proxy feature, enabling man-in-the-middle attackers to spoof SSL servers with an arbitrary certificate. The CVE describes a vulnerability in S...

5.8CVSS6.6AI score0.00593EPSS
CVE
CVE
added 2014/03/26 10:0 a.m.42 views

CVE-2014-0904

The CVE-2014-0904 issue affects IBM Security AppScan Standard versions 7.9–8.8, where the update mechanism does not perform integrity checks on downloaded files, enabling remote arbitrary-code execution via a crafted file. The vulnerability impacts the application’s update process and can be expl...

7.6CVSS7.6AI score0.03053EPSS
CVE
CVE
added 2013/03/29 10:0 a.m.41 views

CVE-2013-0512

CVE-2013-0512 describes a stack-based buffer overflow in the Manual Explore browser plug-in for Firefox used by IBM Security AppScan Enterprise (versions 5.6 and 8.x before 8.7) and IBM Rational Policy Tester (versions 5.6 and 8.x before 8.5.0.4). The vulnerability allows remote attackers to caus...

4.3CVSS7AI score0.01112EPSS
CVE
CVE
added 2013/03/29 10:0 a.m.41 views

CVE-2013-0532

The CVE-2013-0532 entry describes a CSRF vulnerability in IBM Security AppScan Enterprise (versions 5.6 and 8.x prior to 8.7) and IBM Rational Policy Tester (5.6 and 8.x prior to 8.5.0.4) that allows remote attackers to hijack the authentication of arbitrary users for requests that cause a denial...

6.8CVSS7.3AI score0.00633EPSS
CVE
CVE
added 2018/04/16 5:0 p.m.41 views

CVE-2015-1952

IBM AppScan Enterprise Edition 9.0.x is affected by a cross-site scripting (XSS) vulnerability tracked as CVE-2015-1952. The flaw exists in 9.0.x before 9.0.2 iFix 001 and allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The issue originates from input valid...

5.4CVSS5AI score0.00657EPSS
CVE
CVE
added 2017/08/02 5:0 p.m.40 views

CVE-2016-9981

CVE-2016-9981 affects IBM AppScan Enterprise Edition 9.0. The available documents describe an unspecified vulnerability that could allow an attacker to hijack a valid user’s session. No concrete root-cause, affected component details, exploit vectors, or remediation steps are provided in the sour...

8.1CVSS7.6AI score0.01444EPSS
CVE
CVE
added 2013/10/28 1:0 a.m.39 views

CVE-2013-5430

CVE-2013-5430 affects IBM Security AppScan Enterprise 8.x Jazz Team Server prior to 8.8, where a default username and password enable remote authenticated access to the component when installation details permit credential disclosure. The available documents identify the vulnerable component and ...

5.5CVSS5.8AI score0.0093EPSS
CVE
CVE
added 2015/02/02 1:0 a.m.39 views

CVE-2014-6136

Product: IBM Security AppScan Standard 8.x and 9.x (before 9.0.1.1 FP1). Issue: unencrypted sessions that allow remote attackers to sniff network traffic and obtain sensitive information. Impact: exposure of sensitive data via network sniffing. Status: CVE-2014-6136 details are supported by multi...

5CVSS6.2AI score0.01173EPSS
CVE
CVE
added 2012/12/28 11:0 a.m.38 views

CVE-2012-0738

CVE-2012-0738 affects IBM Security AppScan Enterprise (before 8.6.0.2) and Rational Policy Tester (before 8.5.0.3). The issue is that these products do not validate X.509 certificates during scanning, enabling man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate. The NVD ...

5.8CVSS6.5AI score0.00593EPSS
CVE
CVE
added 2013/03/29 10:0 a.m.38 views

CVE-2013-0474

CVE-2013-0474 affects the Manual Explore browser plug-in used with IBM Security AppScan Enterprise (versions 5.6 and 8.x prior to 8.7) and IBM Rational Policy Tester (versions 5.6 and 8.x prior to 8.5.0.4). The vulnerability allows remote attackers to disclose test Platform Authentication credent...

4.3CVSS6.6AI score0.01001EPSS
CVE
CVE
added 2013/10/25 8:0 p.m.38 views

CVE-2013-3989

CVE-2013-3989 affects IBM Security AppScan Enterprise (8.x prior to 8.8). The vulnerability arises because the product may send a cleartext AppScan Source database password in HTTP responses, enabling remote authenticated users to view sensitive information and potentially perform man-in-the-midd...

3.5CVSS6.1AI score0.00832EPSS
CVE
CVE
added 2013/11/13 3:0 p.m.38 views

CVE-2013-5453

CVE-2013-5453 affects IBM Security AppScan Enterprise 5.6 through 8.7.0.1. The issue allows remote authenticated users to read arbitrary report files by leveraging knowledge of filenames that cannot be easily predicted. The connected documents confirm the affected product/version range and the na...

3.5CVSS6.3AI score0.00852EPSS