CVE-2012-0736

CWE-20 — Improper Input Validation3 documents3 sources

Severity

9.3CRITICAL

EPSS

2.3%

top 15.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Rational Appscan

Timeline

PublishedMay 3

Latest updateMay 17

Description

IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly create scan jobs, which allows remote attackers to execute arbitrary code via a crafted web site.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDibm/rational_appscan15 versions+14

🔴Vulnerability Details

GHSA

GHSA-f24x-wp94-r3f6: IBM Rational AppScan Enterprise 5↗2022-05-17

▶

CVEList

CVE-2012-0736: IBM Rational AppScan Enterprise 5↗2012-05-03

▶