Lucene search
K
IbmSecurity Appscan Source

14 matches found

CVE
CVE
added 2012/06/20 10:0 a.m.73 views

CVE-2012-2159

CVE-2012-2159 is an open-redirect vulnerability in the IBM Eclipse Help System (IEHS) used by multiple IBM products (e.g., InfoSphere Discovery, Streams, DB2/QMF, WebSphere-related tooling). The issue arises from IEHS scripts that can redirect trusted users to untrusted sites, enabling phishing v...

5.8CVSS8.7AI score0.01843EPSS
CVE
CVE
added 2012/06/20 10:0 a.m.57 views

CVE-2012-2161

CVE-2012-2161 is a cross-site scripting vulnerability in the IBM Eclipse Help System (IEHS) used by multiple IBM products (e.g., InfoSphere Discovery, DB2 Information Center, Sales Center for WebSphere Commerce, IMS Explorer for Development). The flaw resides in IEHS (deferredView.jsp and related...

4.3CVSS5.3AI score0.01773EPSS
CVE
CVE
added 2018/04/12 9:0 p.m.54 views

CVE-2014-6120

CVE-2014-6120 affects IBM Rational AppScan Source (versions 8.0–8.0.2, 8.5–8.5.0.1) and Security AppScan Source (8.6–9.0.1, including 8.7.x and 8.8); allows remote attackers to execute arbitrary commands on the installation server via unspecified vectors. CVSS scores in the documents indicate cri...

10CVSS9.2AI score0.0511EPSS
CVE
CVE
added 2014/12/29 2:0 a.m.53 views

CVE-2014-6123

The CVE-2014-6123 entry affects IBM Rational AppScan Source and related Security AppScan Source versions up to 9.0.1, where local users can read installation logs to obtain sensitive credential information. Affected products include Rational AppScan Source 8.0–8.0.2, 8.5–8.5.0.1, and Security App...

2.1CVSS5.9AI score0.00312EPSS
CVE
CVE
added 2014/12/23 2:0 a.m.51 views

CVE-2014-6121

The CVE-2014-6121 vulnerability affects IBM Security AppScan Enterprise (versions 8.5 prior to 8.5 IFix 002; 8.6 prior to 8.6 IFix 004; 8.7 prior to 8.7 IFix 004; 8.8 prior to 8.8 iFix 003; 9.0 prior to 9.0.0.1 iFix 003; 9.0.1 prior to 9.0.1 iFix 001). It is a cross-site scripting (XSS) flaw wher...

3.5CVSS5.2AI score0.00936EPSS
CVE
CVE
added 2014/12/23 2:0 a.m.48 views

CVE-2014-6119

IBM Security AppScan Enterprise is affected by CVE-2014-6119. The vulnerability allows remote attackers to execute arbitrary code via a crafted executable file inside an archive. Affected versions are: 8.5 before 8.5 IFix 002; 8.6 before 8.6 IFix 004; 8.7 before 8.7 IFix 004; 8.8 before 8.8 iFix ...

9.3CVSS7.7AI score0.03626EPSS
CVE
CVE
added 2014/12/23 2:0 a.m.48 views

CVE-2014-6122

IBM Security AppScan Enterprise versions affected: 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001. An authenticated remote user can write to arbitrary folders via a modified argument ...

5.5CVSS6.9AI score0.01538EPSS
CVE
CVE
added 2017/02/01 8:0 p.m.48 views

CVE-2016-3034

The CVE-2016-3034 entry concerns IBM AppScan Source, where a cryptographic weakness is used: a one-way hash without salt to encrypt highly sensitive information. The underlying root cause is insecure hashing, enabling a local attacker to decrypt information more easily. Affected software is IBM A...

4.4CVSS4.4AI score0.00214EPSS
CVE
CVE
added 2012/06/20 10:0 a.m.46 views

CVE-2012-2173

The CVE concerns IBM Security AppScan Source’s ODBC driver for solidDB. "The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6" transmits an SHA-1 hash of the connection password during database connections, allowing remote attackers to sniff network traffic and obtain sensitive i...

5CVSS6.3AI score0.01173EPSS
CVE
CVE
added 2014/12/23 2:0 a.m.46 views

CVE-2014-6135

CVE-2014-6135 affects IBM Security AppScan Enterprise, specifically versions 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001. The issue allows remote attackers to perform clickjacking ...

4.3CVSS6.7AI score0.01168EPSS
CVE
CVE
added 2014/08/12 2:0 p.m.45 views

CVE-2014-3072

CVE-2014-3072 affects IBM Security AppScan Source Automation Server across multiple release lines (8.x up to 9.0.0.1). The vulnerability allows local users to gain privileges by executing a crafted service. The exact root cause, vulnerable component/version mapping, exploit details, and remediati...

7.2CVSS6.5AI score0.00371EPSS
CVE
CVE
added 2014/06/08 11:0 p.m.43 views

CVE-2014-0936

CVE-2014-0936 affects IBM Security AppScan Source 8.0–9.0. The issue is a misconfigured publish-assessment permission on the configured database server, which allows the transmission of cleartext assessment data and may enable remote attackers to obtain sensitive information by sniffing the netwo...

4.3CVSS6.2AI score0.00626EPSS
CVE
CVE
added 2014/10/26 6:0 p.m.43 views

CVE-2014-4812

CVE-2014-4812 (IBM Security AppScan Source 8.x–9.0.1) : The installer exposes an open network port for a debug service, enabling remote attackers to obtain sensitive information by connecting to that port. The primary affected component is the installer for IBM Security AppScan Source; the underl...

1.8CVSS6.2AI score0.00491EPSS
CVE
CVE
added 2017/02/01 8:0 p.m.41 views

CVE-2016-3035

The CVE-2016-3035 entry concerns IBM AppScan Source and is categorized as information disclosure. The available documents indicate that an information leak could occur when a user browses testlinks on the server, potentially exposing sensitive data. No concrete details are provided in the initial...

5.3CVSS5.1AI score0.01029EPSS