27 matches found
CVE-2013-0531
Summary of CVE-2013-0531 : IBM Security AppScan Enterprise (formerly IBM Rational AppScan Enterprise) before 8.7.0.1 uses SSL cipher suites with weak encryption algorithms. This allows remote attackers to sniff network traffic and potentially obtain sensitive information, and can enable man-in-th...
CVE-2016-0288
CVE-2016-0288 affects IBM Security AppScan Standard (8.7.x, 8.8.x, and 9.x prior to 9.0.3.2) and Security AppScan Enterprise. The flaw is an XML External Entity (XXE) issue caused by improper handling of XML external entities, allowing remote authenticated users to read arbitrary files by submitt...
CVE-2013-0513
CVE-2013-0513 affects IBM Rational AppScan Enterprise (versions 5.6 and 8.x prior to 8.7) and IBM Rational Policy Tester (5.6 and 8.x prior to 8.5.0.4), plus IBM Rational ClearCase/ClearQuest per IBM advisories. The root cause is an unquoted service path created during installation, enabling a lo...
CVE-2013-0511
CVE-2013-0511 affects IBM Security/AppScan Enterprise 5.6 and 8.x up to 8.7. The vulnerability is described as multiple SQL injection flaws that allow remote authenticated users to execute arbitrary SQL commands via unspecified parameters. The Seebug entry specifies IBM Rational AppScan Enterpris...
CVE-2016-6042
CVE-2016-6042 affects IBM AppScan Enterprise Edition, where remote code execution could occur due to improper handling of objects in memory. An attacker could trigger this by convincing a user to open specially crafted content, executing code in the victim’s context. Exploitation details, affecte...
CVE-2014-6121
The CVE-2014-6121 vulnerability affects IBM Security AppScan Enterprise (versions 8.5 prior to 8.5 IFix 002; 8.6 prior to 8.6 IFix 004; 8.7 prior to 8.7 IFix 004; 8.8 prior to 8.8 iFix 003; 9.0 prior to 9.0.0.1 iFix 003; 9.0.1 prior to 9.0.1 iFix 001). It is a cross-site scripting (XSS) flaw wher...
CVE-2013-2997
CVE-2013-2997 affects IBM Security AppScan Enterprise prior to version 8.7. The issue: upon logout, the session context is not invalidated, enabling session hijacking from an unattended workstation. IBM published advisory 1640352 with a patch/mitigation; upgrading to a fixed version (8.7 or later...
CVE-2014-6119
IBM Security AppScan Enterprise is affected by CVE-2014-6119. The vulnerability allows remote attackers to execute arbitrary code via a crafted executable file inside an archive. Affected versions are: 8.5 before 8.5 IFix 002; 8.6 before 8.6 IFix 004; 8.7 before 8.7 IFix 004; 8.8 before 8.8 iFix ...
CVE-2014-6122
IBM Security AppScan Enterprise versions affected: 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001. An authenticated remote user can write to arbitrary folders via a modified argument ...
CVE-2014-4806
The CVE pertains to IBM Security AppScan Enterprise. On Linux, during installation, a cleartext password is written to a temporary file, enabling local users to read sensitive information. Affected releases include 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 i...
CVE-2014-6135
CVE-2014-6135 affects IBM Security AppScan Enterprise, specifically versions 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001. The issue allows remote attackers to perform clickjacking ...
CVE-2013-0510
CVE-2013-0510 affects IBM Security AppScan Enterprise 5.6 and 8.x prior to 8.7. A security test built into these versions sends session cookies to a specific external server, enabling MITM attackers to hijack the test account by capturing cookies. The description does not specify affected build d...
CVE-2013-0473
CVE-2013-0473 describes multiple cross-site scripting (XSS) vulnerabilities in IBM Security AppScan Enterprise (versions 5.6 and 8.x prior to 8.7) and IBM Rational Policy Tester (versions 5.6 and 8.x prior to 8.5.0.4). The issue allows remote attackers to inject arbitrary web script or HTML via a...
CVE-2013-5450
CVE-2013-5450 affects IBM Security AppScan Enterprise versions 8.5 through 8.7.0.1 when Jazz authentication is enabled. The root issue is an improperly protected URL that can be leveraged in a man-in-the-middle scenario to obtain sensitive information or modify data by obtaining a session token. ...
CVE-2014-8918
CVE-2014-8918 affects IBM Security AppScan Standard 8.x and 9.x prior to 9.0.1.1 FP1. The vulnerability arises from improper verification of X.509 certificates from SSL servers, enabling man-in-the-middle attackers to spoof servers and obtain sensitive data via a crafted certificate. Affected pro...
CVE-2012-0741
IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 fail to validate X.509 certificates when using the Manual Explore Proxy feature, enabling man-in-the-middle attackers to spoof SSL servers with an arbitrary certificate. The CVE describes a vulnerability in S...
CVE-2014-0904
The CVE-2014-0904 issue affects IBM Security AppScan Standard versions 7.9–8.8, where the update mechanism does not perform integrity checks on downloaded files, enabling remote arbitrary-code execution via a crafted file. The vulnerability impacts the application’s update process and can be expl...
CVE-2013-0512
CVE-2013-0512 describes a stack-based buffer overflow in the Manual Explore browser plug-in for Firefox used by IBM Security AppScan Enterprise (versions 5.6 and 8.x before 8.7) and IBM Rational Policy Tester (versions 5.6 and 8.x before 8.5.0.4). The vulnerability allows remote attackers to caus...
CVE-2013-0532
The CVE-2013-0532 entry describes a CSRF vulnerability in IBM Security AppScan Enterprise (versions 5.6 and 8.x prior to 8.7) and IBM Rational Policy Tester (5.6 and 8.x prior to 8.5.0.4) that allows remote attackers to hijack the authentication of arbitrary users for requests that cause a denial...
CVE-2015-1952
IBM AppScan Enterprise Edition 9.0.x is affected by a cross-site scripting (XSS) vulnerability tracked as CVE-2015-1952. The flaw exists in 9.0.x before 9.0.2 iFix 001 and allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The issue originates from input valid...
CVE-2016-9981
CVE-2016-9981 affects IBM AppScan Enterprise Edition 9.0. The available documents describe an unspecified vulnerability that could allow an attacker to hijack a valid user’s session. No concrete root-cause, affected component details, exploit vectors, or remediation steps are provided in the sour...
CVE-2013-5430
CVE-2013-5430 affects IBM Security AppScan Enterprise 8.x Jazz Team Server prior to 8.8, where a default username and password enable remote authenticated access to the component when installation details permit credential disclosure. The available documents identify the vulnerable component and ...
CVE-2014-6136
Product: IBM Security AppScan Standard 8.x and 9.x (before 9.0.1.1 FP1). Issue: unencrypted sessions that allow remote attackers to sniff network traffic and obtain sensitive information. Impact: exposure of sensitive data via network sniffing. Status: CVE-2014-6136 details are supported by multi...
CVE-2012-0738
CVE-2012-0738 affects IBM Security AppScan Enterprise (before 8.6.0.2) and Rational Policy Tester (before 8.5.0.3). The issue is that these products do not validate X.509 certificates during scanning, enabling man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate. The NVD ...
CVE-2013-0474
CVE-2013-0474 affects the Manual Explore browser plug-in used with IBM Security AppScan Enterprise (versions 5.6 and 8.x prior to 8.7) and IBM Rational Policy Tester (versions 5.6 and 8.x prior to 8.5.0.4). The vulnerability allows remote attackers to disclose test Platform Authentication credent...
CVE-2013-3989
CVE-2013-3989 affects IBM Security AppScan Enterprise (8.x prior to 8.8). The vulnerability arises because the product may send a cleartext AppScan Source database password in HTTP responses, enabling remote authenticated users to view sensitive information and potentially perform man-in-the-midd...
CVE-2013-5453
CVE-2013-5453 affects IBM Security AppScan Enterprise 5.6 through 8.7.0.1. The issue allows remote authenticated users to read arbitrary report files by leveraging knowledge of filenames that cannot be easily predicted. The connected documents confirm the affected product/version range and the na...