IBM Rational AppScan Multiple Vulnerabilities
RISK: Medium Risk
TYPE: Security software and application - Security Software & Appliance
Multiple vulnerabilities have been identified in IBM Rational AppScan, which can be exploited by malicious users to disclose certain information and by malicious people to conduct spoofing and cross-site scripting attacks, disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
- An error can be exploited to conduct spoofing and Man-in-the-Middle (MitM) attacks.
- Two errors can be exploited to conduct spoofing and cross-site scripting attacks.
- Multiple vulnerabilities are caused by a bundled vulnerable version of IBM Java.
Impact
- Cross-Site Scripting
- Denial of Service
- Remote Code Execution
- Information Disclosure
- Spoofing
- Data Manipulation
System / Technologies affected
- IBM Rational AppScan 7.x
- IBM Rational AppScan 8.x
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Update to version 8.6.
Vulnerability Identifier
- CVE-2007-3633
- CVE-2012-0729
- CVE-2012-0730
- CVE-2012-0731
- CVE-2012-0732
- CVE-2012-0733
- CVE-2012-0734
- CVE-2012-0735
- CVE-2012-0736
- CVE-2012-0737
- CVE-2011-3103
- CVE-2011-3104
- CVE-2011-3105
- CVE-2011-3106
- CVE-2011-3107
- CVE-2011-3108
- CVE-2011-3109
- CVE-2011-3110
- CVE-2011-3111
- CVE-2011-3112
- CVE-2011-3113
- CVE-2011-3114
- CVE-2011-3115
- CVE-2011-3389
- CVE-2011-3516
- CVE-2011-3521
- CVE-2011-3544
- CVE-2011-3545
- CVE-2011-3546
- CVE-2011-3547
- CVE-2011-3548
- CVE-2011-3549
- CVE-2011-3550
- CVE-2011-3551
- CVE-2011-3552
- CVE-2011-3553
- CVE-2011-3554
- CVE-2011-3556
- CVE-2011-3557
- CVE-2011-3560
- CVE-2011-3561
- CVE-2011-3563
- CVE-2011-5035
- CVE-2012-0497
- CVE-2012-0498
- CVE-2012-0499
- CVE-2012-0500
- CVE-2012-0501
- CVE-2012-0502
- CVE-2012-0503
- CVE-2012-0505
- CVE-2012-0506
- CVE-2012-0507
- CVE-2012-2159
- CVE-2012-2161