Skip to main content

Security Appscan

26 CVEs product

Monthly

CVE-2016-9981 HIGH PATCH This Week

IBM AppScan Enterprise Edition 9.0 contains an unspecified vulnerability that could allow an attacker to hijack a valid user's session. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Session Fixation IBM Information Disclosure Security Appscan
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2016-6042 HIGH PATCH This Week

IBM AppScan Enterprise Edition could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of objects in memory. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE IBM Security Appscan
NVD
CVSS 3.0
7.3
EPSS
0.8%
CVE-2016-0288 MEDIUM This Month

IBM Security AppScan Standard 8.7.x, 8.8.x, and 9.x before 9.0.3.2 and Security AppScan Enterprise allow remote authenticated users to read arbitrary files via an XML document containing an external. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Security Appscan
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2014-8918 MEDIUM This Month

IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Security Appscan
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2014-6136 MEDIUM This Month

IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 supports unencrypted sessions, which allows remote attackers to obtain sensitive information by sniffing the network. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Appscan
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-6135 MEDIUM This Month

IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Security Appscan Security Appscan Source
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-6122 MEDIUM This Month

IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Security Appscan Security Appscan Source
NVD
CVSS 2.0
5.5
EPSS
1.3%
CVE-2014-6121 LOW Monitor

Cross-site scripting (XSS) vulnerability in IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Security Appscan Security Appscan Source
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-6119 CRITICAL Act Now

IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM RCE Code Injection Security Appscan Security Appscan Source
NVD
CVSS 2.0
9.3
EPSS
9.9%
CVE-2014-4806 MEDIUM This Month

The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Appscan
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2014-0904 HIGH This Week

The update process in IBM Security AppScan Standard 7.9 through 8.8 does not require integrity checks of downloaded files, which allows remote attackers to execute arbitrary code via a crafted file. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

IBM RCE Security Appscan
NVD VulDB
CVSS 2.0
7.6
EPSS
3.8%
CVE-2013-5453 LOW Monitor

IBM Security AppScan Enterprise 5.6 through 8.7.0.1 allows remote authenticated users to read arbitrary report files by leveraging knowledge of filenames that cannot be easily predicted. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Security Appscan
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-5450 MEDIUM This Month

IBM Security AppScan Enterprise 8.5 through 8.7.0.1, when Jazz authentication is enabled, allows man-in-the-middle attackers to obtain sensitive information or modify data by leveraging an improperly. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM Authentication Bypass Security Appscan
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-5430 MEDIUM This Month

The Jazz Team Server component in IBM Security AppScan Enterprise 8.x before 8.8 has a default username and password, which makes it easier for remote authenticated users to obtain unspecified access. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Appscan
NVD
CVSS 2.0
5.5
EPSS
0.2%
CVE-2013-3989 LOW Monitor

IBM Security AppScan Enterprise 8.x before 8.8 sends a cleartext AppScan Source database password in a response, which allows remote authenticated users to obtain sensitive information, and. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Security Appscan
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-2997 LOW Monitor

IBM Security AppScan Enterprise before 8.7 does not invalidate the session context upon a logout action, which allows remote attackers to hijack sessions by leveraging an unattended workstation. Rated low severity (CVSS 1.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation IBM Security Appscan
NVD
CVSS 2.0
1.7
EPSS
0.1%
CVE-2013-0531 MEDIUM This Month

The SSL implementation in IBM Security AppScan Enterprise before 8.7.0.1 enables cipher suites with weak encryption algorithms, which makes it easier for remote attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Security Appscan
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2013-0532 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to hijack. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Denial Of Service IBM Security Appscan Rational Policy Tester
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-0513 HIGH This Week

IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 create a service that lacks " (double quote) characters in the service path, which. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Security Appscan Rational Policy Tester
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2013-0512 MEDIUM This Month

Stack-based buffer overflow in the Manual Explore browser plug-in for Firefox in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Mozilla IBM Security Appscan +1
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-0511 MEDIUM This Month

Multiple SQL injection vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified parameters. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Security Appscan
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2013-0510 MEDIUM This Month

IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 includes a security test that sends session cookies to a specific external server, which allows man-in-the-middle attackers to hijack the test. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation IBM Security Appscan
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-0474 MEDIUM This Month

The Manual Explore browser plug-in in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to discover test. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Security Appscan Rational Policy Tester
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-0473 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allow remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Security Appscan Rational Policy Tester
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-0741 MEDIUM PATCH This Month

IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during use of the Manual Explore Proxy feature, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Information Disclosure IBM Security Appscan Rational Policy Tester
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-0738 MEDIUM PATCH This Month

IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during scanning, which allows man-in-the-middle attackers to spoof SSL. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Information Disclosure IBM Security Appscan Rational Policy Tester
NVD
CVSS 2.0
5.8
EPSS
0.1%
EPSS 0% CVSS 8.1
HIGH PATCH This Week

IBM AppScan Enterprise Edition 9.0 contains an unspecified vulnerability that could allow an attacker to hijack a valid user's session. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Session Fixation IBM Information Disclosure +1
NVD
EPSS 1% CVSS 7.3
HIGH PATCH This Week

IBM AppScan Enterprise Edition could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of objects in memory. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE IBM +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Security AppScan Standard 8.7.x, 8.8.x, and 9.x before 9.0.3.2 and Security AppScan Enterprise allow remote authenticated users to read arbitrary files via an XML document containing an external. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Security Appscan
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Security Appscan
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 supports unencrypted sessions, which allows remote attackers to obtain sensitive information by sniffing the network. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Appscan
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Security Appscan +1
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Security Appscan +1
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Cross-site scripting (XSS) vulnerability in IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Security Appscan +1
NVD
EPSS 10% CVSS 9.3
CRITICAL Act Now

IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM RCE Code Injection +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Appscan
NVD
EPSS 4% CVSS 7.6
HIGH This Week

The update process in IBM Security AppScan Standard 7.9 through 8.8 does not require integrity checks of downloaded files, which allows remote attackers to execute arbitrary code via a crafted file. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

IBM RCE Security Appscan
NVD VulDB
EPSS 0% CVSS 3.5
LOW Monitor

IBM Security AppScan Enterprise 5.6 through 8.7.0.1 allows remote authenticated users to read arbitrary report files by leveraging knowledge of filenames that cannot be easily predicted. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Security Appscan
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

IBM Security AppScan Enterprise 8.5 through 8.7.0.1, when Jazz authentication is enabled, allows man-in-the-middle attackers to obtain sensitive information or modify data by leveraging an improperly. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM Authentication Bypass Security Appscan
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Jazz Team Server component in IBM Security AppScan Enterprise 8.x before 8.8 has a default username and password, which makes it easier for remote authenticated users to obtain unspecified access. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Appscan
NVD
EPSS 0% CVSS 3.5
LOW Monitor

IBM Security AppScan Enterprise 8.x before 8.8 sends a cleartext AppScan Source database password in a response, which allows remote authenticated users to obtain sensitive information, and. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Security Appscan
NVD
EPSS 0% CVSS 1.7
LOW Monitor

IBM Security AppScan Enterprise before 8.7 does not invalidate the session context upon a logout action, which allows remote attackers to hijack sessions by leveraging an unattended workstation. Rated low severity (CVSS 1.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation IBM Security Appscan
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The SSL implementation in IBM Security AppScan Enterprise before 8.7.0.1 enables cipher suites with weak encryption algorithms, which makes it easier for remote attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Security Appscan
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to hijack. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Denial Of Service IBM +2
NVD
EPSS 0% CVSS 7.2
HIGH This Week

IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 create a service that lacks " (double quote) characters in the service path, which. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Security Appscan +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Stack-based buffer overflow in the Manual Explore browser plug-in for Firefox in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Mozilla +3
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Multiple SQL injection vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified parameters. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Security Appscan
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 includes a security test that sends session cookies to a specific external server, which allows man-in-the-middle attackers to hijack the test. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation IBM Security Appscan
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The Manual Explore browser plug-in in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to discover test. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Security Appscan +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allow remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Security Appscan +1
NVD
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during use of the Manual Explore Proxy feature, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Information Disclosure IBM Security Appscan +1
NVD
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during scanning, which allows man-in-the-middle attackers to spoof SSL. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Information Disclosure IBM Security Appscan +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy