14 matches found
CVE-2012-2159
CVE-2012-2159 is an open-redirect vulnerability in the IBM Eclipse Help System (IEHS) used by multiple IBM products (e.g., InfoSphere Discovery, Streams, DB2/QMF, WebSphere-related tooling). The issue arises from IEHS scripts that can redirect trusted users to untrusted sites, enabling phishing v...
CVE-2012-2161
CVE-2012-2161 is a cross-site scripting vulnerability in the IBM Eclipse Help System (IEHS) used by multiple IBM products (e.g., InfoSphere Discovery, DB2 Information Center, Sales Center for WebSphere Commerce, IMS Explorer for Development). The flaw resides in IEHS (deferredView.jsp and related...
CVE-2014-6120
CVE-2014-6120 affects IBM Rational AppScan Source (versions 8.0–8.0.2, 8.5–8.5.0.1) and Security AppScan Source (8.6–9.0.1, including 8.7.x and 8.8); allows remote attackers to execute arbitrary commands on the installation server via unspecified vectors. CVSS scores in the documents indicate cri...
CVE-2014-6123
The CVE-2014-6123 entry affects IBM Rational AppScan Source and related Security AppScan Source versions up to 9.0.1, where local users can read installation logs to obtain sensitive credential information. Affected products include Rational AppScan Source 8.0–8.0.2, 8.5–8.5.0.1, and Security App...
CVE-2014-6121
The CVE-2014-6121 vulnerability affects IBM Security AppScan Enterprise (versions 8.5 prior to 8.5 IFix 002; 8.6 prior to 8.6 IFix 004; 8.7 prior to 8.7 IFix 004; 8.8 prior to 8.8 iFix 003; 9.0 prior to 9.0.0.1 iFix 003; 9.0.1 prior to 9.0.1 iFix 001). It is a cross-site scripting (XSS) flaw wher...
CVE-2014-6119
IBM Security AppScan Enterprise is affected by CVE-2014-6119. The vulnerability allows remote attackers to execute arbitrary code via a crafted executable file inside an archive. Affected versions are: 8.5 before 8.5 IFix 002; 8.6 before 8.6 IFix 004; 8.7 before 8.7 IFix 004; 8.8 before 8.8 iFix ...
CVE-2014-6122
IBM Security AppScan Enterprise versions affected: 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001. An authenticated remote user can write to arbitrary folders via a modified argument ...
CVE-2016-3034
The CVE-2016-3034 entry concerns IBM AppScan Source, where a cryptographic weakness is used: a one-way hash without salt to encrypt highly sensitive information. The underlying root cause is insecure hashing, enabling a local attacker to decrypt information more easily. Affected software is IBM A...
CVE-2012-2173
The CVE concerns IBM Security AppScan Source’s ODBC driver for solidDB. "The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6" transmits an SHA-1 hash of the connection password during database connections, allowing remote attackers to sniff network traffic and obtain sensitive i...
CVE-2014-6135
CVE-2014-6135 affects IBM Security AppScan Enterprise, specifically versions 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001. The issue allows remote attackers to perform clickjacking ...
CVE-2014-3072
CVE-2014-3072 affects IBM Security AppScan Source Automation Server across multiple release lines (8.x up to 9.0.0.1). The vulnerability allows local users to gain privileges by executing a crafted service. The exact root cause, vulnerable component/version mapping, exploit details, and remediati...
CVE-2014-0936
CVE-2014-0936 affects IBM Security AppScan Source 8.0–9.0. The issue is a misconfigured publish-assessment permission on the configured database server, which allows the transmission of cleartext assessment data and may enable remote attackers to obtain sensitive information by sniffing the netwo...
CVE-2014-4812
CVE-2014-4812 (IBM Security AppScan Source 8.x–9.0.1) : The installer exposes an open network port for a debug service, enabling remote attackers to obtain sensitive information by connecting to that port. The primary affected component is the installer for IBM Security AppScan Source; the underl...
CVE-2016-3035
The CVE-2016-3035 entry concerns IBM AppScan Source and is categorized as information disclosure. The available documents indicate that an information leak could occur when a user browses testlinks on the server, potentially exposing sensitive data. No concrete details are provided in the initial...