
39 vulnerabilities found for rational_appscan by ibm

FKIE_CVE-2012-0735

Vulnerability from fkie_nvd - Published: 2012-05-03 04:08 - Updated: 2025-04-11 00:51

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3F6C993A-E8D2-4A1A-B213-A646A22AB828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.4:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "FF4D0A6B-00D5-4EE4-9892-DE6D3A850933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "63FCC737-6E6A-4121-B3F4-AF3EF858828E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3F08A6FD-4CE9-451D-AABA-7F6B0B9E8473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "ED2603F1-AA5C-4CCA-A4E7-B53661864CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.6.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "0DF3FEA0-54A6-4656-97FD-4B2277D746C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.6.0.3:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "7FAE6600-20B1-4D3A-9175-59627023FD20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "A18637C2-F969-4921-A5DA-6061128BE4F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "0B2A5D4E-7F19-4DB2-A3C5-D36D69B1FDA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "9B98CA70-BB15-4AE9-8FC9-2A677BCB4078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.3:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "024BA3CD-E8C6-4E12-81AD-7654C4547EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "479C7BEF-A159-4EDB-A27E-3641B66C88CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.1.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "56802963-FBC8-4DC4-BEB6-463F99DC13A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.5.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3D11DF7E-F8F9-412A-A70B-04200D393FDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.5.0.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "AE03CD35-7B5E-4B59-8A16-137A18486D0B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted URI."
    },
    {
      "lang": "es",
      "value": "IBM Rational AppScan Enterprise v5.x y v8.x antes de v8.5.0.1 no trata correctamente los an\u00e1lisis de los archivos: las direcciones URL, lo que permite a los atacantes man-in-the-middle obtener informaci\u00f3n sensible o posiblemente tener un impacto no especificado a trav\u00e9s de un URI modificado."
    }
  ],
  "id": "CVE-2012-0735",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-05-03T04:08:25.017",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/48967"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/48968"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/53247"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74558"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48967"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48968"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53247"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74558"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2012-0737

Vulnerability from fkie_nvd - Published: 2012-05-03 04:08 - Updated: 2025-04-11 00:51

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3F6C993A-E8D2-4A1A-B213-A646A22AB828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.4:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "FF4D0A6B-00D5-4EE4-9892-DE6D3A850933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "63FCC737-6E6A-4121-B3F4-AF3EF858828E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3F08A6FD-4CE9-451D-AABA-7F6B0B9E8473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "ED2603F1-AA5C-4CCA-A4E7-B53661864CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.6.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "0DF3FEA0-54A6-4656-97FD-4B2277D746C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.6.0.3:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "7FAE6600-20B1-4D3A-9175-59627023FD20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "A18637C2-F969-4921-A5DA-6061128BE4F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "0B2A5D4E-7F19-4DB2-A3C5-D36D69B1FDA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "9B98CA70-BB15-4AE9-8FC9-2A677BCB4078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.3:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "024BA3CD-E8C6-4E12-81AD-7654C4547EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "479C7BEF-A159-4EDB-A27E-3641B66C88CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.1.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "56802963-FBC8-4DC4-BEB6-463F99DC13A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.5.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3D11DF7E-F8F9-412A-A70B-04200D393FDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.5.0.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "AE03CD35-7B5E-4B59-8A16-137A18486D0B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en IBM Rational AppScan Enterprise v5.x y v8.x antes de v8.5.0.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2012-0737",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-05-03T04:08:25.107",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/48967"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/48968"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/53247"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74560"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48967"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48968"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53247"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74560"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2012-0736

Vulnerability from fkie_nvd - Published: 2012-05-03 04:08 - Updated: 2025-04-11 00:51

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3F6C993A-E8D2-4A1A-B213-A646A22AB828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.4:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "FF4D0A6B-00D5-4EE4-9892-DE6D3A850933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "63FCC737-6E6A-4121-B3F4-AF3EF858828E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3F08A6FD-4CE9-451D-AABA-7F6B0B9E8473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "ED2603F1-AA5C-4CCA-A4E7-B53661864CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.6.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "0DF3FEA0-54A6-4656-97FD-4B2277D746C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.6.0.3:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "7FAE6600-20B1-4D3A-9175-59627023FD20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "A18637C2-F969-4921-A5DA-6061128BE4F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "0B2A5D4E-7F19-4DB2-A3C5-D36D69B1FDA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "9B98CA70-BB15-4AE9-8FC9-2A677BCB4078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.3:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "024BA3CD-E8C6-4E12-81AD-7654C4547EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "479C7BEF-A159-4EDB-A27E-3641B66C88CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.1.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "56802963-FBC8-4DC4-BEB6-463F99DC13A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.5.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3D11DF7E-F8F9-412A-A70B-04200D393FDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.5.0.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "AE03CD35-7B5E-4B59-8A16-137A18486D0B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly create scan jobs, which allows remote attackers to execute arbitrary code via a crafted web site."
    },
    {
      "lang": "es",
      "value": "IBM Rational AppScan Enterprise v5.x y v8.x antes de v8.5.0.1 no crea debidamente los puestos de trabajo de exploraci\u00f3n, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un sitio web modificado."
    }
  ],
  "id": "CVE-2012-0736",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-05-03T04:08:25.060",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/48967"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/48968"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/53247"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74559"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48967"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48968"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53247"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74559"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2012-0733

Vulnerability from fkie_nvd - Published: 2012-05-03 04:08 - Updated: 2025-04-11 00:51

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3F6C993A-E8D2-4A1A-B213-A646A22AB828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.4:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "FF4D0A6B-00D5-4EE4-9892-DE6D3A850933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "63FCC737-6E6A-4121-B3F4-AF3EF858828E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3F08A6FD-4CE9-451D-AABA-7F6B0B9E8473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "ED2603F1-AA5C-4CCA-A4E7-B53661864CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.6.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "0DF3FEA0-54A6-4656-97FD-4B2277D746C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.6.0.3:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "7FAE6600-20B1-4D3A-9175-59627023FD20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "A18637C2-F969-4921-A5DA-6061128BE4F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "0B2A5D4E-7F19-4DB2-A3C5-D36D69B1FDA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "9B98CA70-BB15-4AE9-8FC9-2A677BCB4078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.3:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "024BA3CD-E8C6-4E12-81AD-7654C4547EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "479C7BEF-A159-4EDB-A27E-3641B66C88CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.1.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "56802963-FBC8-4DC4-BEB6-463F99DC13A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.5.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3D11DF7E-F8F9-412A-A70B-04200D393FDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.5.0.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "AE03CD35-7B5E-4B59-8A16-137A18486D0B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a session associated with the service account."
    },
    {
      "lang": "es",
      "value": "IBM Rational AppScan Enterprise v5.x y v8.x antes de v8.5.0.1, cuando se utiliza la autenticaci\u00f3n integrada de Windows, permite a usuarios autenticados remotamente obtener privilegios de administrador mediante el secuestro de una sesi\u00f3n asociada a la cuenta de servicio."
    }
  ],
  "id": "CVE-2012-0733",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-05-03T04:08:24.907",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/48967"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/48968"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/53247"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74374"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48967"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48968"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53247"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74374"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2012-0732

Vulnerability from fkie_nvd - Published: 2012-05-03 04:08 - Updated: 2025-04-11 00:51
Summary
The Enterprise Console client in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3F6C993A-E8D2-4A1A-B213-A646A22AB828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.4:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "FF4D0A6B-00D5-4EE4-9892-DE6D3A850933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "63FCC737-6E6A-4121-B3F4-AF3EF858828E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3F08A6FD-4CE9-451D-AABA-7F6B0B9E8473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "ED2603F1-AA5C-4CCA-A4E7-B53661864CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.6.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "0DF3FEA0-54A6-4656-97FD-4B2277D746C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.6.0.3:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "7FAE6600-20B1-4D3A-9175-59627023FD20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "A18637C2-F969-4921-A5DA-6061128BE4F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "0B2A5D4E-7F19-4DB2-A3C5-D36D69B1FDA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "9B98CA70-BB15-4AE9-8FC9-2A677BCB4078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.3:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "024BA3CD-E8C6-4E12-81AD-7654C4547EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "479C7BEF-A159-4EDB-A27E-3641B66C88CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.1.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "56802963-FBC8-4DC4-BEB6-463F99DC13A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.5.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3D11DF7E-F8F9-412A-A70B-04200D393FDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.5.0.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "AE03CD35-7B5E-4B59-8A16-137A18486D0B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Enterprise Console client in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
    },
    {
      "lang": "es",
      "value": "El cliente de la Consola Enterprise en IBM Rational AppScan Enterprise v5.x y v8.x antes de v8.5.0.1 no verifica los certificados X.509 de los servidores SSL, que permite atacantes man-in-the-middle suplantar a los servidores y obtener informaci\u00f3n sensible a trav\u00e9s de un certificado modificado."
    }
  ],
  "id": "CVE-2012-0732",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-05-03T04:08:24.857",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48967"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48968"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/53247"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74389"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48967"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48968"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53247"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74389"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2012-0729

Vulnerability from fkie_nvd - Published: 2012-05-03 04:08 - Updated: 2025-04-11 00:51

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3F6C993A-E8D2-4A1A-B213-A646A22AB828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.4:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "FF4D0A6B-00D5-4EE4-9892-DE6D3A850933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "63FCC737-6E6A-4121-B3F4-AF3EF858828E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3F08A6FD-4CE9-451D-AABA-7F6B0B9E8473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "ED2603F1-AA5C-4CCA-A4E7-B53661864CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.6.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "0DF3FEA0-54A6-4656-97FD-4B2277D746C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.6.0.3:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "7FAE6600-20B1-4D3A-9175-59627023FD20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "A18637C2-F969-4921-A5DA-6061128BE4F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "0B2A5D4E-7F19-4DB2-A3C5-D36D69B1FDA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "9B98CA70-BB15-4AE9-8FC9-2A677BCB4078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.3:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "024BA3CD-E8C6-4E12-81AD-7654C4547EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "479C7BEF-A159-4EDB-A27E-3641B66C88CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.1.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "56802963-FBC8-4DC4-BEB6-463F99DC13A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.5.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3D11DF7E-F8F9-412A-A70B-04200D393FDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.5.0.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "AE03CD35-7B5E-4B59-8A16-137A18486D0B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unrestricted file upload vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to execute arbitrary ASP.NET code by uploading a .aspx file, and then accessing it via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de subida de ficheros sin restricci\u00f3n en IBM Rational AppScan Enterprise v5.x y v8.x antes de v8.5.0.1 permite a usuarios remotos autenticados ejecutar c\u00f3digo ASP.NET arbitrario mediante la subida de un archivo .aspx y, a continuaci\u00f3n, acceder a \u00e9l a trav\u00e9s de vectores no especificados."
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/434.html\r\n\r\n\u0027Unrestricted Upload of File with Dangerous Type\u0027",
  "id": "CVE-2012-0729",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-05-03T04:08:24.670",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/48967"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/48968"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/53247"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74366"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48967"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48968"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53247"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74366"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2012-0731

Vulnerability from fkie_nvd - Published: 2012-05-03 04:08 - Updated: 2025-04-11 00:51

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3F6C993A-E8D2-4A1A-B213-A646A22AB828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.4:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "FF4D0A6B-00D5-4EE4-9892-DE6D3A850933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "63FCC737-6E6A-4121-B3F4-AF3EF858828E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3F08A6FD-4CE9-451D-AABA-7F6B0B9E8473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "ED2603F1-AA5C-4CCA-A4E7-B53661864CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.6.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "0DF3FEA0-54A6-4656-97FD-4B2277D746C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.6.0.3:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "7FAE6600-20B1-4D3A-9175-59627023FD20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "A18637C2-F969-4921-A5DA-6061128BE4F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "0B2A5D4E-7F19-4DB2-A3C5-D36D69B1FDA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "9B98CA70-BB15-4AE9-8FC9-2A677BCB4078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.3:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "024BA3CD-E8C6-4E12-81AD-7654C4547EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "479C7BEF-A159-4EDB-A27E-3641B66C88CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.1.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "56802963-FBC8-4DC4-BEB6-463F99DC13A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.5.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3D11DF7E-F8F9-412A-A70B-04200D393FDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.5.0.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "AE03CD35-7B5E-4B59-8A16-137A18486D0B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not prevent service-account impersonation, which allows remote authenticated users to read arbitrary files via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "IBM Rational AppScan Enterprise v5.x y v8.x antes de v8.5.0.1 no impide la suplantaci\u00f3n de la cuenta de servicio, lo que permite a usuarios remotos autenticados leer ficheros arbitrarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2012-0731",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-05-03T04:08:24.780",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/48967"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/48968"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/53247"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48967"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48968"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53247"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74371"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2012-0734

Vulnerability from fkie_nvd - Published: 2012-05-03 04:08 - Updated: 2025-04-11 00:51

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3F6C993A-E8D2-4A1A-B213-A646A22AB828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.4:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "FF4D0A6B-00D5-4EE4-9892-DE6D3A850933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "63FCC737-6E6A-4121-B3F4-AF3EF858828E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3F08A6FD-4CE9-451D-AABA-7F6B0B9E8473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "ED2603F1-AA5C-4CCA-A4E7-B53661864CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.6.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "0DF3FEA0-54A6-4656-97FD-4B2277D746C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.6.0.3:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "7FAE6600-20B1-4D3A-9175-59627023FD20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "A18637C2-F969-4921-A5DA-6061128BE4F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "0B2A5D4E-7F19-4DB2-A3C5-D36D69B1FDA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "9B98CA70-BB15-4AE9-8FC9-2A677BCB4078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.3:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "024BA3CD-E8C6-4E12-81AD-7654C4547EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "479C7BEF-A159-4EDB-A27E-3641B66C88CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.1.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "56802963-FBC8-4DC4-BEB6-463F99DC13A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.5.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3D11DF7E-F8F9-412A-A70B-04200D393FDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.5.0.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "AE03CD35-7B5E-4B59-8A16-137A18486D0B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly import jobs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted job."
    },
    {
      "lang": "es",
      "value": "IBM Rational AppScan Enterprise 5.x y 8.x antes de 8.5.0.1 no importa correctamente los trabajos, lo que permite a los atacantes man-in-the-middle obtener informaci\u00f3n sensible o posiblemente tener un impacto no especificado a trav\u00e9s de un trabajo manipulado."
    }
  ],
  "id": "CVE-2012-0734",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-05-03T04:08:24.953",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/48967"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/48968"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/53247"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74557"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48967"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48968"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53247"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74557"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2012-0730

Vulnerability from fkie_nvd - Published: 2012-05-03 04:08 - Updated: 2025-04-11 00:51

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3F6C993A-E8D2-4A1A-B213-A646A22AB828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.4:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "FF4D0A6B-00D5-4EE4-9892-DE6D3A850933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "63FCC737-6E6A-4121-B3F4-AF3EF858828E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3F08A6FD-4CE9-451D-AABA-7F6B0B9E8473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "ED2603F1-AA5C-4CCA-A4E7-B53661864CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.6.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "0DF3FEA0-54A6-4656-97FD-4B2277D746C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.6.0.3:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "7FAE6600-20B1-4D3A-9175-59627023FD20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "A18637C2-F969-4921-A5DA-6061128BE4F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "0B2A5D4E-7F19-4DB2-A3C5-D36D69B1FDA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "9B98CA70-BB15-4AE9-8FC9-2A677BCB4078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.3:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "024BA3CD-E8C6-4E12-81AD-7654C4547EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "479C7BEF-A159-4EDB-A27E-3641B66C88CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.1.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "56802963-FBC8-4DC4-BEB6-463F99DC13A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.5.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3D11DF7E-F8F9-412A-A70B-04200D393FDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.5.0.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "AE03CD35-7B5E-4B59-8A16-137A18486D0B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allow remote attackers to hijack the authentication of administrators for requests that create administrative accounts."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de peticiones en sitios cruzados (CSRF) en IBM Rational AppScan Enterprise v5.x y v8.x antes de v8.5.0.1 permiten a atacantes remotos secuestrar la autentificaci\u00f3n de los administradores para peticiones que crean cuentas administrativas."
    }
  ],
  "id": "CVE-2012-0730",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-05-03T04:08:24.717",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/48967"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/48968"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/53247"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74370"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48967"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48968"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53247"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74370"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2011-1367

Vulnerability from fkie_nvd - Published: 2011-10-30 10:55 - Updated: 2025-04-11 00:51
Summary
Unspecified vulnerability in the File Load feature in IBM Rational AppScan Standard and Express 7.8.x, 7.9.x, and 8.0.x before 8.0.0.3 allows remote attackers to execute arbitrary commands via a crafted .scan file.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:7.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "71004AAF-D567-4CE4-BC6A-307F3B23F849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:7.8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "40692F3B-C1AE-449E-A83C-0D6A959BA3F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:7.8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D5BFFDC-6E20-45D4-BD19-20C3A8D8CF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:7.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DC341F7-654E-4A1A-8A3F-3B7E93518EF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:7.9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF02B493-EE48-4971-A6A4-9629E97D72E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:7.9.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "95183007-F36E-4501-B312-2301DC1AA723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:7.9.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7774010-1FF9-4104-B34D-8902D2B235E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A519576A-545A-4D0D-B379-8C6C4D8A5F57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF9BC155-C8E2-43AA-A460-699CA6089D3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E02AAA2C-DBE4-4F2C-B01D-D0824046E7E5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:7.8.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "FF224E07-A1C8-4B29-9BF8-7F48298419A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:7.8.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3778314C-7303-483C-B31A-3E38777833D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:7.8.0.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3C2F1404-DF02-44A2-9E78-EE351607BFB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:7.9.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "D2B0E43F-9400-41CF-B0E2-E96F4AF33D4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:7.9.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "C4D5B0B5-C38E-4FD7-BAFE-6D00D0E2ED51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:7.9.0.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "5F5E1229-A05A-4CC6-8869-9861D075B756",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:7.9.0.3:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "B51DCDA3-1A72-490A-B644-ED5138CEA5FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "A18637C2-F969-4921-A5DA-6061128BE4F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "0B2A5D4E-7F19-4DB2-A3C5-D36D69B1FDA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "9B98CA70-BB15-4AE9-8FC9-2A677BCB4078",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the File Load feature in IBM Rational AppScan Standard and Express 7.8.x, 7.9.x, and 8.0.x before 8.0.0.3 allows remote attackers to execute arbitrary commands via a crafted .scan file."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en la funci\u00f3n File Load de IBM Rational AppScan Standard and Express v7.8.x, v7.9.x y v8.0.x anterior a v8.0.0.3 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo .scan manipulado."
    }
  ],
  "id": "CVE-2011-1367",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-10-30T10:55:02.947",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/46326"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/46329"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21515110"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/49989"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70044"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/46326"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/46329"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21515110"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/49989"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70044"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2011-1366

Vulnerability from fkie_nvd - Published: 2011-10-30 10:55 - Updated: 2025-04-11 00:51
Summary
Unspecified vulnerability in the Import feature in IBM Rational AppScan Enterprise and AppScan Reporting Console 5.2 through 7.9.x and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary commands on an agent server via a crafted ZIP archive.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3F6C993A-E8D2-4A1A-B213-A646A22AB828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.4:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "FF4D0A6B-00D5-4EE4-9892-DE6D3A850933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "F6E51A67-713F-4B5F-ACCD-188C734F278F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "63FCC737-6E6A-4121-B3F4-AF3EF858828E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3F08A6FD-4CE9-451D-AABA-7F6B0B9E8473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "ED2603F1-AA5C-4CCA-A4E7-B53661864CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.6.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "0DF3FEA0-54A6-4656-97FD-4B2277D746C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.6.0.3:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "7FAE6600-20B1-4D3A-9175-59627023FD20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:7.7.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "8A0917E1-B74D-4C6B-8FBB-C64B07F22838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:7.7.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "12120592-3536-4BD5-BDE1-573FAB670BEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:7.7.0.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "D738DF53-BDCE-4862-804B-8C534459DB11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:7.8.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "FF224E07-A1C8-4B29-9BF8-7F48298419A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:7.8.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3778314C-7303-483C-B31A-3E38777833D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:7.8.0.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "3C2F1404-DF02-44A2-9E78-EE351607BFB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:7.9.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "D2B0E43F-9400-41CF-B0E2-E96F4AF33D4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:7.9.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "C4D5B0B5-C38E-4FD7-BAFE-6D00D0E2ED51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:7.9.0.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "5F5E1229-A05A-4CC6-8869-9861D075B756",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:7.9.0.3:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "B51DCDA3-1A72-490A-B644-ED5138CEA5FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "A18637C2-F969-4921-A5DA-6061128BE4F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "0B2A5D4E-7F19-4DB2-A3C5-D36D69B1FDA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "9B98CA70-BB15-4AE9-8FC9-2A677BCB4078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "479C7BEF-A159-4EDB-A27E-3641B66C88CC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F70CEEC8-E088-4EA3-AB44-5A68AC90328E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "78D2F3D5-7837-46CC-A2B9-48AC20B071B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "388588A4-EE46-44A9-9129-FBD1BD4D6A6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "123BAB60-7340-487D-B87A-42016E0A7664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F98444E1-4291-4CDA-ABAB-C5615A6CCF0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDF31930-D3B0-4BDF-8655-0A10FDB25AA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62FE2BFF-DAE2-4EFE-A6FA-DAC1B398A38C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:5.6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01E0A780-C8C2-431C-963F-2F0CA7E389AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:7.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54736D90-3A73-4594-BCFC-AB777C136025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:7.7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2A29187-F910-4425-84B4-6CF093A3DC35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:7.7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "05C83203-F27E-4797-8DAD-A5F4D8E7AABB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:7.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "71004AAF-D567-4CE4-BC6A-307F3B23F849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:7.8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "40692F3B-C1AE-449E-A83C-0D6A959BA3F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:7.8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D5BFFDC-6E20-45D4-BD19-20C3A8D8CF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:7.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DC341F7-654E-4A1A-8A3F-3B7E93518EF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:7.9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF02B493-EE48-4971-A6A4-9629E97D72E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:7.9.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "95183007-F36E-4501-B312-2301DC1AA723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:7.9.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7774010-1FF9-4104-B34D-8902D2B235E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A519576A-545A-4D0D-B379-8C6C4D8A5F57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF9BC155-C8E2-43AA-A460-699CA6089D3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E02AAA2C-DBE4-4F2C-B01D-D0824046E7E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "72F8EB18-B6CD-44A6-9C39-3FA56C202C39",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the Import feature in IBM Rational AppScan Enterprise and AppScan Reporting Console 5.2 through 7.9.x and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary commands on an agent server via a crafted ZIP archive."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en la funci\u00f3n Import de IBM Rational AppScan Enterprise y AppScan Reporting Console v5.2 hasta v7.9.x y v8.x anterior a v8.0.1.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario en un servidor agente a trav\u00e9s de un archivo ZIP manipulado."
    }
  ],
  "id": "CVE-2011-1366",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 9.2,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-10-30T10:55:02.867",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/46326"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/46329"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21515110"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70043"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/46326"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/46329"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21515110"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70043"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2012-0731 (GCVE-0-2012-0731)

Vulnerability from cvelistv5 – Published: 2012-05-03 01:00 – Updated: 2024-08-06 18:38
Summary
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not prevent service-account impersonation, which allows remote authenticated users to read arbitrary files via unspecified vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References
http://secunia.com/advisories/48967 third-party-advisory x_refsource_SECUNIA
http://www.ibm.com/support/docview.wss?uid=swg21592188 x_refsource_CONFIRM
http://secunia.com/advisories/48968 third-party-advisory x_refsource_SECUNIA
http://www.securityfocus.com/bid/53247 vdb-entry x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/74371 vdb-entry x_refsource_XF

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:38:13.851Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "48967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48967"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
          },
          {
            "name": "48968",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48968"
          },
          {
            "name": "53247",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53247"
          },
          {
            "name": "ae-config-info-disclosure(74371)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74371"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not prevent service-account impersonation, which allows remote authenticated users to read arbitrary files via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "48967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48967"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
        },
        {
          "name": "48968",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48968"
        },
        {
          "name": "53247",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53247"
        },
        {
          "name": "ae-config-info-disclosure(74371)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74371"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-0731",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not prevent service-account impersonation, which allows remote authenticated users to read arbitrary files via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "48967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48967"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21592188",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
            },
            {
              "name": "48968",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48968"
            },
            {
              "name": "53247",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53247"
            },
            {
              "name": "ae-config-info-disclosure(74371)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74371"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-0731",
    "datePublished": "2012-05-03T01:00:00",
    "dateReserved": "2012-01-17T00:00:00",
    "dateUpdated": "2024-08-06T18:38:13.851Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-0737 (GCVE-0-2012-0737)

Vulnerability from cvelistv5 – Published: 2012-05-03 01:00 – Updated: 2024-08-06 18:38
Summary
Cross-site scripting (XSS) vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/74560 vdb-entry x_refsource_XF
http://secunia.com/advisories/48967 third-party-advisory x_refsource_SECUNIA
http://www.ibm.com/support/docview.wss?uid=swg21592188 x_refsource_CONFIRM
http://secunia.com/advisories/48968 third-party-advisory x_refsource_SECUNIA
http://www.securityfocus.com/bid/53247 vdb-entry x_refsource_BID

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:38:13.883Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "appscan-enterprise-xss(74560)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74560"
          },
          {
            "name": "48967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48967"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
          },
          {
            "name": "48968",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48968"
          },
          {
            "name": "53247",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53247"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "appscan-enterprise-xss(74560)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74560"
        },
        {
          "name": "48967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48967"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
        },
        {
          "name": "48968",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48968"
        },
        {
          "name": "53247",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53247"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-0737",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "appscan-enterprise-xss(74560)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74560"
            },
            {
              "name": "48967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48967"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21592188",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
            },
            {
              "name": "48968",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48968"
            },
            {
              "name": "53247",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53247"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-0737",
    "datePublished": "2012-05-03T01:00:00",
    "dateReserved": "2012-01-17T00:00:00",
    "dateUpdated": "2024-08-06T18:38:13.883Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-0735 (GCVE-0-2012-0735)

Vulnerability from cvelistv5 – Published: 2012-05-03 01:00 – Updated: 2024-08-06 18:38
Summary
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted URI.
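Severity
No CVSS data available. The record's structured affected fields are "n/a", so the affected range (5.x and 8.x before 8.5.0.1) comes only from the description text.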
CWE
  • n/a
Assigner
ibm
References
http://secunia.com/advisories/48967 third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/74558 vdb-entry, x_refsource_XF
http://www.ibm.com/support/docview.wss?uid=swg21592188 x_refsource_CONFIRM
http://secunia.com/advisories/48968 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/53247 vdb-entry, x_refsource_BID

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:38:13.826Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "48967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48967"
          },
          {
            "name": "ae-fileuri-info-disclosure(74558)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74558"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
          },
          {
            "name": "48968",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48968"
          },
          {
            "name": "53247",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53247"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted URI."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "48967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48967"
        },
        {
          "name": "ae-fileuri-info-disclosure(74558)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74558"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
        },
        {
          "name": "48968",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48968"
        },
        {
          "name": "53247",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53247"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-0735",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted URI."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "48967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48967"
            },
            {
              "name": "ae-fileuri-info-disclosure(74558)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74558"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21592188",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
            },
            {
              "name": "48968",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48968"
            },
            {
              "name": "53247",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53247"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-0735",
    "datePublished": "2012-05-03T01:00:00",
    "dateReserved": "2012-01-17T00:00:00",
    "dateUpdated": "2024-08-06T18:38:13.826Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-0729 (GCVE-0-2012-0729)

Vulnerability from cvelistv5 – Published: 2012-05-03 01:00 – Updated: 2024-08-06 18:38
Summary
Unrestricted file upload vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to execute arbitrary ASP.NET code by uploading a .aspx file, and then accessing it via unspecified vectors.
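Severity
No CVSS data available. The record's structured affected fields are "n/a", so the affected range (5.x and 8.x before 8.5.0.1) comes only from the description text.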
CWE
  • n/a
Assigner
ibm
References
http://secunia.com/advisories/48967 third-party-advisory, x_refsource_SECUNIA
http://www.ibm.com/support/docview.wss?uid=swg21592188 x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/74366 vdb-entry, x_refsource_XF
http://secunia.com/advisories/48968 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/53247 vdb-entry, x_refsource_BID

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:38:13.854Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "48967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48967"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
          },
          {
            "name": "appscan-file-upload(74366)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74366"
          },
          {
            "name": "48968",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48968"
          },
          {
            "name": "53247",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53247"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unrestricted file upload vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to execute arbitrary ASP.NET code by uploading a .aspx file, and then accessing it via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "48967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48967"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
        },
        {
          "name": "appscan-file-upload(74366)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74366"
        },
        {
          "name": "48968",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48968"
        },
        {
          "name": "53247",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53247"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-0729",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unrestricted file upload vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to execute arbitrary ASP.NET code by uploading a .aspx file, and then accessing it via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "48967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48967"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21592188",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
            },
            {
              "name": "appscan-file-upload(74366)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74366"
            },
            {
              "name": "48968",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48968"
            },
            {
              "name": "53247",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53247"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-0729",
    "datePublished": "2012-05-03T01:00:00",
    "dateReserved": "2012-01-17T00:00:00",
    "dateUpdated": "2024-08-06T18:38:13.854Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-0732 (GCVE-0-2012-0732)

Vulnerability from cvelistv5 – Published: 2012-05-03 01:00 – Updated: 2024-08-06 18:38
Summary
The Enterprise Console client in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
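Severity
No CVSS data available. The record's structured affected fields are "n/a", so the affected range (5.x and 8.x before 8.5.0.1) comes only from the description text.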
CWE
  • n/a
Assigner
ibm
References
http://secunia.com/advisories/48967 third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/74389 vdb-entry, x_refsource_XF
http://www.ibm.com/support/docview.wss?uid=swg21592188 x_refsource_CONFIRM
http://secunia.com/advisories/48968 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/53247 vdb-entry, x_refsource_BID

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:38:13.804Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "48967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48967"
          },
          {
            "name": "ae-ecc-spoofing(74389)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74389"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
          },
          {
            "name": "48968",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48968"
          },
          {
            "name": "53247",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53247"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Enterprise Console client in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "48967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48967"
        },
        {
          "name": "ae-ecc-spoofing(74389)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74389"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
        },
        {
          "name": "48968",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48968"
        },
        {
          "name": "53247",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53247"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-0732",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Enterprise Console client in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "48967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48967"
            },
            {
              "name": "ae-ecc-spoofing(74389)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74389"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21592188",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
            },
            {
              "name": "48968",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48968"
            },
            {
              "name": "53247",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53247"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-0732",
    "datePublished": "2012-05-03T01:00:00",
    "dateReserved": "2012-01-17T00:00:00",
    "dateUpdated": "2024-08-06T18:38:13.804Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-0736 (GCVE-0-2012-0736)

Vulnerability from cvelistv5 – Published: 2012-05-03 01:00 – Updated: 2024-08-06 18:38
Summary
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly create scan jobs, which allows remote attackers to execute arbitrary code via a crafted web site.
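Severity
No CVSS data available. The record's structured affected fields are "n/a", so the affected range (5.x and 8.x before 8.5.0.1) comes only from the description text.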
CWE
  • n/a
Assigner
ibm
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/74559 vdb-entry, x_refsource_XF
http://secunia.com/advisories/48967 third-party-advisory, x_refsource_SECUNIA
http://www.ibm.com/support/docview.wss?uid=swg21592188 x_refsource_CONFIRM
http://secunia.com/advisories/48968 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/53247 vdb-entry, x_refsource_BID

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:38:13.975Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ae-platformauth-code-execution(74559)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74559"
          },
          {
            "name": "48967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48967"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
          },
          {
            "name": "48968",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48968"
          },
          {
            "name": "53247",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53247"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly create scan jobs, which allows remote attackers to execute arbitrary code via a crafted web site."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ae-platformauth-code-execution(74559)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74559"
        },
        {
          "name": "48967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48967"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
        },
        {
          "name": "48968",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48968"
        },
        {
          "name": "53247",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53247"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-0736",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly create scan jobs, which allows remote attackers to execute arbitrary code via a crafted web site."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ae-platformauth-code-execution(74559)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74559"
            },
            {
              "name": "48967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48967"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21592188",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
            },
            {
              "name": "48968",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48968"
            },
            {
              "name": "53247",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53247"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-0736",
    "datePublished": "2012-05-03T01:00:00",
    "dateReserved": "2012-01-17T00:00:00",
    "dateUpdated": "2024-08-06T18:38:13.975Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-0733 (GCVE-0-2012-0733)

Vulnerability from cvelistv5 – Published: 2012-05-03 01:00 – Updated: 2024-08-06 18:38
Summary
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a session associated with the service account.
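Severity
No CVSS data available. The record's structured affected fields are "n/a", so the affected range (5.x and 8.x before 8.5.0.1) comes only from the description text.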
CWE
  • n/a
Assigner
ibm
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/74374 vdb-entry, x_refsource_XF
http://secunia.com/advisories/48967 third-party-advisory, x_refsource_SECUNIA
http://www.ibm.com/support/docview.wss?uid=swg21592188 x_refsource_CONFIRM
http://secunia.com/advisories/48968 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/53247 vdb-entry, x_refsource_BID

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:38:13.957Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ae-serviceacct-session-hijacking(74374)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74374"
          },
          {
            "name": "48967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48967"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
          },
          {
            "name": "48968",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48968"
          },
          {
            "name": "53247",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53247"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a session associated with the service account."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ae-serviceacct-session-hijacking(74374)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74374"
        },
        {
          "name": "48967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48967"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
        },
        {
          "name": "48968",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48968"
        },
        {
          "name": "53247",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53247"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-0733",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a session associated with the service account."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ae-serviceacct-session-hijacking(74374)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74374"
            },
            {
              "name": "48967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48967"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21592188",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
            },
            {
              "name": "48968",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48968"
            },
            {
              "name": "53247",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53247"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-0733",
    "datePublished": "2012-05-03T01:00:00",
    "dateReserved": "2012-01-17T00:00:00",
    "dateUpdated": "2024-08-06T18:38:13.957Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-0734 (GCVE-0-2012-0734)

Vulnerability from cvelistv5 – Published: 2012-05-03 01:00 – Updated: 2024-08-06 18:38
Summary
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly import jobs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted job.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References
http://secunia.com/advisories/48967 third-party-advisory x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/74557 vdb-entry x_refsource_XF
http://www.ibm.com/support/docview.wss?uid=swg21592188 x_refsource_CONFIRM
http://secunia.com/advisories/48968 third-party-advisory x_refsource_SECUNIA
http://www.securityfocus.com/bid/53247 vdb-entry x_refsource_BID

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:38:13.449Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "48967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48967"
          },
          {
            "name": "ae-importjob-info-disclosure(74557)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74557"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
          },
          {
            "name": "48968",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48968"
          },
          {
            "name": "53247",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53247"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly import jobs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted job."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "48967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48967"
        },
        {
          "name": "ae-importjob-info-disclosure(74557)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74557"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
        },
        {
          "name": "48968",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48968"
        },
        {
          "name": "53247",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53247"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-0734",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly import jobs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted job."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "48967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48967"
            },
            {
              "name": "ae-importjob-info-disclosure(74557)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74557"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21592188",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
            },
            {
              "name": "48968",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48968"
            },
            {
              "name": "53247",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53247"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-0734",
    "datePublished": "2012-05-03T01:00:00",
    "dateReserved": "2012-01-17T00:00:00",
    "dateUpdated": "2024-08-06T18:38:13.449Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-0730 (GCVE-0-2012-0730)

Vulnerability from cvelistv5 – Published: 2012-05-03 01:00 – Updated: 2024-08-06 18:38
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allow remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References
http://secunia.com/advisories/48967 third-party-advisory x_refsource_SECUNIA
http://www.ibm.com/support/docview.wss?uid=swg21592188 x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/74370 vdb-entry x_refsource_XF
http://secunia.com/advisories/48968 third-party-advisory x_refsource_SECUNIA
http://www.securityfocus.com/bid/53247 vdb-entry x_refsource_BID

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:38:13.885Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "48967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48967"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
          },
          {
            "name": "ae-multiple-csrf(74370)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74370"
          },
          {
            "name": "48968",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48968"
          },
          {
            "name": "53247",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53247"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allow remote attackers to hijack the authentication of administrators for requests that create administrative accounts."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "48967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48967"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
        },
        {
          "name": "ae-multiple-csrf(74370)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74370"
        },
        {
          "name": "48968",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48968"
        },
        {
          "name": "53247",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53247"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-0730",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allow remote attackers to hijack the authentication of administrators for requests that create administrative accounts."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "48967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48967"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21592188",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
            },
            {
              "name": "ae-multiple-csrf(74370)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74370"
            },
            {
              "name": "48968",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48968"
            },
            {
              "name": "53247",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53247"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-0730",
    "datePublished": "2012-05-03T01:00:00",
    "dateReserved": "2012-01-17T00:00:00",
    "dateUpdated": "2024-08-06T18:38:13.885Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-1366 (GCVE-0-2011-1366)

Vulnerability from cvelistv5 – Published: 2011-10-30 10:00 – Updated: 2024-08-06 22:21
Summary
Unspecified vulnerability in the Import feature in IBM Rational AppScan Enterprise and AppScan Reporting Console 5.2 through 7.9.x and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary commands on an agent server via a crafted ZIP archive.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
mitre
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/70043 vdb-entry x_refsource_XF
http://www-01.ibm.com/support/docview.wss?uid=swg21515110 x_refsource_CONFIRM
http://secunia.com/advisories/46329 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/46326 third-party-advisory x_refsource_SECUNIA

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:21:34.421Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "rational-appscan-zip-code-execution(70043)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70043"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21515110"
          },
          {
            "name": "46329",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46329"
          },
          {
            "name": "46326",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46326"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-10-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Import feature in IBM Rational AppScan Enterprise and AppScan Reporting Console 5.2 through 7.9.x and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary commands on an agent server via a crafted ZIP archive."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "rational-appscan-zip-code-execution(70043)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70043"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21515110"
        },
        {
          "name": "46329",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46329"
        },
        {
          "name": "46326",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46326"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1366",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Import feature in IBM Rational AppScan Enterprise and AppScan Reporting Console 5.2 through 7.9.x and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary commands on an agent server via a crafted ZIP archive."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "rational-appscan-zip-code-execution(70043)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70043"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21515110",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21515110"
            },
            {
              "name": "46329",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/46329"
            },
            {
              "name": "46326",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/46326"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-1366",
    "datePublished": "2011-10-30T10:00:00",
    "dateReserved": "2011-03-10T00:00:00",
    "dateUpdated": "2024-08-06T22:21:34.421Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-0731 (GCVE-0-2012-0731)

Vulnerability from nvd – Published: 2012-05-03 01:00 – Updated: 2024-08-06 18:38
Summary
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not prevent service-account impersonation, which allows remote authenticated users to read arbitrary files via unspecified vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References
http://secunia.com/advisories/48967 third-party-advisory x_refsource_SECUNIA
http://www.ibm.com/support/docview.wss?uid=swg21592188 x_refsource_CONFIRM
http://secunia.com/advisories/48968 third-party-advisory x_refsource_SECUNIA
http://www.securityfocus.com/bid/53247 vdb-entry x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/74371 vdb-entry x_refsource_XF

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:38:13.851Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "48967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48967"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
          },
          {
            "name": "48968",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48968"
          },
          {
            "name": "53247",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53247"
          },
          {
            "name": "ae-config-info-disclosure(74371)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74371"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not prevent service-account impersonation, which allows remote authenticated users to read arbitrary files via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "48967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48967"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
        },
        {
          "name": "48968",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48968"
        },
        {
          "name": "53247",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53247"
        },
        {
          "name": "ae-config-info-disclosure(74371)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74371"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-0731",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not prevent service-account impersonation, which allows remote authenticated users to read arbitrary files via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "48967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48967"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21592188",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
            },
            {
              "name": "48968",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48968"
            },
            {
              "name": "53247",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53247"
            },
            {
              "name": "ae-config-info-disclosure(74371)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74371"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-0731",
    "datePublished": "2012-05-03T01:00:00",
    "dateReserved": "2012-01-17T00:00:00",
    "dateUpdated": "2024-08-06T18:38:13.851Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-0737 (GCVE-0-2012-0737)

Vulnerability from nvd – Published: 2012-05-03 01:00 – Updated: 2024-08-06 18:38
Summary
Cross-site scripting (XSS) vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/74560 vdb-entry, x_refsource_XF
http://secunia.com/advisories/48967 third-party-advisory, x_refsource_SECUNIA
http://www.ibm.com/support/docview.wss?uid=swg21592188 x_refsource_CONFIRM
http://secunia.com/advisories/48968 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/53247 vdb-entry, x_refsource_BID

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:38:13.883Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "appscan-enterprise-xss(74560)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74560"
          },
          {
            "name": "48967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48967"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
          },
          {
            "name": "48968",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48968"
          },
          {
            "name": "53247",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53247"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "appscan-enterprise-xss(74560)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74560"
        },
        {
          "name": "48967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48967"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
        },
        {
          "name": "48968",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48968"
        },
        {
          "name": "53247",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53247"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-0737",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "appscan-enterprise-xss(74560)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74560"
            },
            {
              "name": "48967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48967"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21592188",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
            },
            {
              "name": "48968",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48968"
            },
            {
              "name": "53247",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53247"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-0737",
    "datePublished": "2012-05-03T01:00:00",
    "dateReserved": "2012-01-17T00:00:00",
    "dateUpdated": "2024-08-06T18:38:13.883Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-0735 (GCVE-0-2012-0735)

Vulnerability from nvd – Published: 2012-05-03 01:00 – Updated: 2024-08-06 18:38
Summary
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted URI.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References
http://secunia.com/advisories/48967 third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/74558 vdb-entry, x_refsource_XF
http://www.ibm.com/support/docview.wss?uid=swg21592188 x_refsource_CONFIRM
http://secunia.com/advisories/48968 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/53247 vdb-entry, x_refsource_BID

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:38:13.826Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "48967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48967"
          },
          {
            "name": "ae-fileuri-info-disclosure(74558)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74558"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
          },
          {
            "name": "48968",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48968"
          },
          {
            "name": "53247",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53247"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted URI."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "48967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48967"
        },
        {
          "name": "ae-fileuri-info-disclosure(74558)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74558"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
        },
        {
          "name": "48968",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48968"
        },
        {
          "name": "53247",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53247"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-0735",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted URI."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "48967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48967"
            },
            {
              "name": "ae-fileuri-info-disclosure(74558)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74558"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21592188",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
            },
            {
              "name": "48968",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48968"
            },
            {
              "name": "53247",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53247"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-0735",
    "datePublished": "2012-05-03T01:00:00",
    "dateReserved": "2012-01-17T00:00:00",
    "dateUpdated": "2024-08-06T18:38:13.826Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-0729 (GCVE-0-2012-0729)

Vulnerability from nvd – Published: 2012-05-03 01:00 – Updated: 2024-08-06 18:38
Summary
Unrestricted file upload vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to execute arbitrary ASP.NET code by uploading a .aspx file, and then accessing it via unspecified vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References
http://secunia.com/advisories/48967 third-party-advisory, x_refsource_SECUNIA
http://www.ibm.com/support/docview.wss?uid=swg21592188 x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/74366 vdb-entry, x_refsource_XF
http://secunia.com/advisories/48968 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/53247 vdb-entry, x_refsource_BID

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:38:13.854Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "48967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48967"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
          },
          {
            "name": "appscan-file-upload(74366)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74366"
          },
          {
            "name": "48968",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48968"
          },
          {
            "name": "53247",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53247"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unrestricted file upload vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to execute arbitrary ASP.NET code by uploading a .aspx file, and then accessing it via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "48967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48967"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
        },
        {
          "name": "appscan-file-upload(74366)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74366"
        },
        {
          "name": "48968",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48968"
        },
        {
          "name": "53247",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53247"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-0729",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unrestricted file upload vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to execute arbitrary ASP.NET code by uploading a .aspx file, and then accessing it via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "48967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48967"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21592188",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
            },
            {
              "name": "appscan-file-upload(74366)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74366"
            },
            {
              "name": "48968",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48968"
            },
            {
              "name": "53247",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53247"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-0729",
    "datePublished": "2012-05-03T01:00:00",
    "dateReserved": "2012-01-17T00:00:00",
    "dateUpdated": "2024-08-06T18:38:13.854Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-0732 (GCVE-0-2012-0732)

Vulnerability from nvd – Published: 2012-05-03 01:00 – Updated: 2024-08-06 18:38
Summary
The Enterprise Console client in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References
http://secunia.com/advisories/48967 third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/74389 vdb-entry, x_refsource_XF
http://www.ibm.com/support/docview.wss?uid=swg21592188 x_refsource_CONFIRM
http://secunia.com/advisories/48968 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/53247 vdb-entry, x_refsource_BID

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:38:13.804Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "48967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48967"
          },
          {
            "name": "ae-ecc-spoofing(74389)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74389"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
          },
          {
            "name": "48968",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48968"
          },
          {
            "name": "53247",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53247"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Enterprise Console client in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "48967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48967"
        },
        {
          "name": "ae-ecc-spoofing(74389)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74389"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
        },
        {
          "name": "48968",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48968"
        },
        {
          "name": "53247",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53247"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-0732",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Enterprise Console client in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "48967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48967"
            },
            {
              "name": "ae-ecc-spoofing(74389)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74389"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21592188",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
            },
            {
              "name": "48968",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48968"
            },
            {
              "name": "53247",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53247"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-0732",
    "datePublished": "2012-05-03T01:00:00",
    "dateReserved": "2012-01-17T00:00:00",
    "dateUpdated": "2024-08-06T18:38:13.804Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-0736 (GCVE-0-2012-0736)

Vulnerability from nvd – Published: 2012-05-03 01:00 – Updated: 2024-08-06 18:38
Summary
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly create scan jobs, which allows remote attackers to execute arbitrary code via a crafted web site.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/74559 vdb-entry, x_refsource_XF
http://secunia.com/advisories/48967 third-party-advisory, x_refsource_SECUNIA
http://www.ibm.com/support/docview.wss?uid=swg21592188 x_refsource_CONFIRM
http://secunia.com/advisories/48968 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/53247 vdb-entry, x_refsource_BID

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:38:13.975Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ae-platformauth-code-execution(74559)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74559"
          },
          {
            "name": "48967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48967"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
          },
          {
            "name": "48968",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48968"
          },
          {
            "name": "53247",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53247"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly create scan jobs, which allows remote attackers to execute arbitrary code via a crafted web site."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ae-platformauth-code-execution(74559)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74559"
        },
        {
          "name": "48967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48967"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
        },
        {
          "name": "48968",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48968"
        },
        {
          "name": "53247",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53247"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-0736",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly create scan jobs, which allows remote attackers to execute arbitrary code via a crafted web site."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ae-platformauth-code-execution(74559)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74559"
            },
            {
              "name": "48967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48967"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21592188",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
            },
            {
              "name": "48968",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48968"
            },
            {
              "name": "53247",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53247"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-0736",
    "datePublished": "2012-05-03T01:00:00",
    "dateReserved": "2012-01-17T00:00:00",
    "dateUpdated": "2024-08-06T18:38:13.975Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-0733 (GCVE-0-2012-0733)

Vulnerability from nvd – Published: 2012-05-03 01:00 – Updated: 2024-08-06 18:38
Summary
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a session associated with the service account.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/74374 vdb-entry x_refsource_XF
http://secunia.com/advisories/48967 third-party-advisory x_refsource_SECUNIA
http://www.ibm.com/support/docview.wss?uid=swg21592188 x_refsource_CONFIRM
http://secunia.com/advisories/48968 third-party-advisory x_refsource_SECUNIA
http://www.securityfocus.com/bid/53247 vdb-entry x_refsource_BID

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:38:13.957Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ae-serviceacct-session-hijacking(74374)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74374"
          },
          {
            "name": "48967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48967"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
          },
          {
            "name": "48968",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48968"
          },
          {
            "name": "53247",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53247"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a session associated with the service account."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ae-serviceacct-session-hijacking(74374)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74374"
        },
        {
          "name": "48967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48967"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
        },
        {
          "name": "48968",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48968"
        },
        {
          "name": "53247",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53247"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-0733",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a session associated with the service account."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ae-serviceacct-session-hijacking(74374)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74374"
            },
            {
              "name": "48967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48967"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21592188",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
            },
            {
              "name": "48968",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48968"
            },
            {
              "name": "53247",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53247"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-0733",
    "datePublished": "2012-05-03T01:00:00",
    "dateReserved": "2012-01-17T00:00:00",
    "dateUpdated": "2024-08-06T18:38:13.957Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-0734 (GCVE-0-2012-0734)

Vulnerability from nvd – Published: 2012-05-03 01:00 – Updated: 2024-08-06 18:38
Summary
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly import jobs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted job.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References
http://secunia.com/advisories/48967 third-party-advisory x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/74557 vdb-entry x_refsource_XF
http://www.ibm.com/support/docview.wss?uid=swg21592188 x_refsource_CONFIRM
http://secunia.com/advisories/48968 third-party-advisory x_refsource_SECUNIA
http://www.securityfocus.com/bid/53247 vdb-entry x_refsource_BID

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:38:13.449Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "48967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48967"
          },
          {
            "name": "ae-importjob-info-disclosure(74557)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74557"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
          },
          {
            "name": "48968",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48968"
          },
          {
            "name": "53247",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53247"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly import jobs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted job."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "48967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48967"
        },
        {
          "name": "ae-importjob-info-disclosure(74557)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74557"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
        },
        {
          "name": "48968",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48968"
        },
        {
          "name": "53247",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53247"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-0734",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly import jobs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted job."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "48967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48967"
            },
            {
              "name": "ae-importjob-info-disclosure(74557)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74557"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21592188",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
            },
            {
              "name": "48968",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48968"
            },
            {
              "name": "53247",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53247"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-0734",
    "datePublished": "2012-05-03T01:00:00",
    "dateReserved": "2012-01-17T00:00:00",
    "dateUpdated": "2024-08-06T18:38:13.449Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-0730 (GCVE-0-2012-0730)

Vulnerability from nvd – Published: 2012-05-03 01:00 – Updated: 2024-08-06 18:38
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allow remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
ibm
References
http://secunia.com/advisories/48967 third-party-advisory x_refsource_SECUNIA
http://www.ibm.com/support/docview.wss?uid=swg21592188 x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/74370 vdb-entry x_refsource_XF
http://secunia.com/advisories/48968 third-party-advisory x_refsource_SECUNIA
http://www.securityfocus.com/bid/53247 vdb-entry x_refsource_BID

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:38:13.885Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "48967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48967"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
          },
          {
            "name": "ae-multiple-csrf(74370)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74370"
          },
          {
            "name": "48968",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48968"
          },
          {
            "name": "53247",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53247"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allow remote attackers to hijack the authentication of administrators for requests that create administrative accounts."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "48967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48967"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
        },
        {
          "name": "ae-multiple-csrf(74370)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74370"
        },
        {
          "name": "48968",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48968"
        },
        {
          "name": "53247",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53247"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-0730",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allow remote attackers to hijack the authentication of administrators for requests that create administrative accounts."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "48967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48967"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21592188",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
            },
            {
              "name": "ae-multiple-csrf(74370)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74370"
            },
            {
              "name": "48968",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48968"
            },
            {
              "name": "53247",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53247"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-0730",
    "datePublished": "2012-05-03T01:00:00",
    "dateReserved": "2012-01-17T00:00:00",
    "dateUpdated": "2024-08-06T18:38:13.885Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}