Ibm Rational Appscan vulnerabilities

13 known vulnerabilities affecting ibm/rational_appscan.

Total CVEs
13
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH3MEDIUM7LOW1

Vulnerabilities

Page 1 of 1
CVE-2012-0736CRITICALCVSS 9.3v5.2v5.4+13 more2012-05-03
CVE-2012-0736 [CRITICAL] CWE-20 CVE-2012-0736: IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly create scan jobs, which IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly create scan jobs, which allows remote attackers to execute arbitrary code via a crafted web site.
nvd
CVE-2012-0734HIGHCVSS 7.6v5.2v5.4+13 more2012-05-03
CVE-2012-0734 [HIGH] CVE-2012-0734: IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly import jobs, which allo IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly import jobs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted job.
nvd
CVE-2012-0735HIGHCVSS 7.6v5.2v5.4+13 more2012-05-03
CVE-2012-0735 [HIGH] CWE-20 CVE-2012-0735: IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted URI.
nvd
CVE-2012-0733MEDIUMCVSS 6.0v5.2v5.4+13 more2012-05-03
CVE-2012-0733 [MEDIUM] CWE-264 CVE-2012-0733: IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication i IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a session associated with the service account.
nvd
CVE-2012-0730MEDIUMCVSS 6.0v5.2v5.4+13 more2012-05-03
CVE-2012-0730 [MEDIUM] CWE-352 CVE-2012-0730: Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Rational AppScan Enterprise 5.x an Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allow remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
nvd
CVE-2012-0731MEDIUMCVSS 6.8v5.2v5.4+13 more2012-05-03
CVE-2012-0731 [MEDIUM] CWE-200 CVE-2012-0731: IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not prevent service-account imperson IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not prevent service-account impersonation, which allows remote authenticated users to read arbitrary files via unspecified vectors.
nvd
CVE-2012-0732MEDIUMCVSS 5.8v5.2v5.4+13 more2012-05-03
CVE-2012-0732 [MEDIUM] CWE-310 CVE-2012-0732: The Enterprise Console client in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not The Enterprise Console client in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
nvd
CVE-2012-0729MEDIUMCVSS 6.0v5.2v5.4+13 more2012-05-03
CVE-2012-0729 [MEDIUM] CVE-2012-0729: Unrestricted file upload vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 Unrestricted file upload vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to execute arbitrary ASP.NET code by uploading a .aspx file, and then accessing it via unspecified vectors.
nvd
CVE-2012-0737LOWCVSS 3.5v5.2v5.4+13 more2012-05-03
CVE-2012-0737 [LOW] CWE-79 CVE-2012-0737: Cross-site scripting (XSS) vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0 Cross-site scripting (XSS) vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2011-1367CRITICALCVSS 9.3v7.8.0v7.8.0.1+8 more2011-10-30
CVE-2011-1367 [CRITICAL] CVE-2011-1367: Unspecified vulnerability in the File Load feature in IBM Rational AppScan Standard and Express 7.8. Unspecified vulnerability in the File Load feature in IBM Rational AppScan Standard and Express 7.8.x, 7.9.x, and 8.0.x before 8.0.0.3 allows remote attackers to execute arbitrary commands via a crafted .scan file.
nvd
CVE-2011-1366HIGHCVSS 8.8v5.2v5.4+21 more2011-10-30
CVE-2011-1366 [HIGH] CVE-2011-1366: Unspecified vulnerability in the Import feature in IBM Rational AppScan Enterprise and AppScan Repor Unspecified vulnerability in the Import feature in IBM Rational AppScan Enterprise and AppScan Reporting Console 5.2 through 7.9.x and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary commands on an agent server via a crafted ZIP archive.
nvd
CVE-2009-3745MEDIUMCVSS 4.3v5.5.0.22009-10-22
CVE-2009-3745 [MEDIUM] CWE-79 CVE-2009-3745: Cross-site scripting (XSS) vulnerability in the help pages in IBM Rational AppScan Enterprise Editio Cross-site scripting (XSS) vulnerability in the help pages in IBM Rational AppScan Enterprise Edition 5.5.0.2 allows remote attackers to inject arbitrary web script or HTML via the query string.
nvd
CVE-2009-1056MEDIUMCVSS 5.0≤ 5.52009-03-24
CVE-2009-1056 [MEDIUM] CVE-2009-1056: IBM Rational AppScan Enterprise before 5.5 FP1 allows remote attackers to read arbitrary exported re IBM Rational AppScan Enterprise before 5.5 FP1 allows remote attackers to read arbitrary exported reports by "forcefully browsing."
nvd