This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Ibm First view 2012-12-28
Product Security Appscan Last view 2018-04-16
Version 8.6.0.0 Type Application
Update *  
Edition *  
Language *  
Sofware Edition enterprise  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:ibm:security_appscan

Activity : Overall

Related : CVE

  Date Alert Description
5.4 2018-04-16 CVE-2015-1952

Cross-site scripting (XSS) vulnerability in IBM AppScan Enterprise Edition 9.0.x before 9.0.2 iFix 001 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 103416.

5.5 2014-08-29 CVE-2014-4806

The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux places a cleartext password in a temporary file, which allows local users to obtain sensitive information by reading this file.

1.7 2013-09-08 CVE-2013-2997

IBM Security AppScan Enterprise before 8.7 does not invalidate the session context upon a logout action, which allows remote attackers to hijack sessions by leveraging an unattended workstation.

5 2013-09-08 CVE-2013-0531

The SSL implementation in IBM Security AppScan Enterprise before 8.7.0.1 enables cipher suites with weak encryption algorithms, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

5.8 2012-12-28 CVE-2012-0741

IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during use of the Manual Explore Proxy feature, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate.

5.8 2012-12-28 CVE-2012-0738

IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during scanning, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate.

CWE : Common Weakness Enumeration

%idName
33% (2) CWE-20 Improper Input Validation
16% (1) CWE-522 Insufficiently Protected Credentials
16% (1) CWE-310 Cryptographic Issues
16% (1) CWE-264 Permissions, Privileges, and Access Controls
16% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')