Total
27 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-5450 | 1 Ibm | 1 Security Appscan | 2025-04-11 | 4.0 MEDIUM | N/A |
| IBM Security AppScan Enterprise 8.5 through 8.7.0.1, when Jazz authentication is enabled, allows man-in-the-middle attackers to obtain sensitive information or modify data by leveraging an improperly protected URL to obtain a session token. | |||||
| CVE-2013-0513 | 1 Ibm | 2 Rational Policy Tester, Security Appscan | 2025-04-11 | 7.2 HIGH | N/A |
| IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 create a service that lacks " (double quote) characters in the service path, which allows local users to gain privileges via a Trojan horse program, related to an "Unquoted Service Path Enumeration" vulnerability. | |||||
| CVE-2013-3989 | 1 Ibm | 1 Security Appscan | 2025-04-11 | 3.5 LOW | N/A |
| IBM Security AppScan Enterprise 8.x before 8.8 sends a cleartext AppScan Source database password in a response, which allows remote authenticated users to obtain sensitive information, and subsequently conduct man-in-the-middle attacks, by examining the response content. | |||||
| CVE-2013-5430 | 1 Ibm | 1 Security Appscan | 2025-04-11 | 5.5 MEDIUM | N/A |
| The Jazz Team Server component in IBM Security AppScan Enterprise 8.x before 8.8 has a default username and password, which makes it easier for remote authenticated users to obtain unspecified access to this component by leveraging this credential information in an environment with applicable component installation details. | |||||
| CVE-2013-0510 | 1 Ibm | 1 Security Appscan | 2025-04-11 | 4.3 MEDIUM | N/A |
| IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 includes a security test that sends session cookies to a specific external server, which allows man-in-the-middle attackers to hijack the test account by capturing these cookies. | |||||
| CVE-2013-0512 | 1 Ibm | 2 Rational Policy Tester, Security Appscan | 2025-04-11 | 4.3 MEDIUM | N/A |
| Stack-based buffer overflow in the Manual Explore browser plug-in for Firefox in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to cause a denial of service (plug-in crash) via a crafted web page. | |||||
| CVE-2015-1952 | 1 Ibm | 1 Security Appscan | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM AppScan Enterprise Edition 9.0.x before 9.0.2 iFix 001 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 103416. | |||||