CVE-2012-0741

Published: Dec 28, 2012Modified: Apr 29, 2026

5.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability: 8.6 / Impact: 4.9

Source: NVD

Description

IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during use of the Manual Explore Proxy feature, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate.

Affected (25)

Products: Ibm: Security Appscan, Rational Policy Tester

Ibm

2 products

Security Appscan

Rational Policy Tester

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Ibm Security Appscan	Version 6.0.0.0
Ibm Security Appscan	Version 6.0.1.0
Ibm Security Appscan	Version 6.0.2.0
Ibm Security Appscan	Version 6.1.1.0
Ibm Security Appscan	Version 8.0.0.0
Ibm Security Appscan	Version 8.0.0.1
Ibm Security Appscan	Version 8.5.0.0
Ibm Security Appscan	Version 8.5.0.1
Ibm Security Appscan	Version 8.6.0.0

Configuration B

16 vulnerable

Vulnerable Software	Affected Versions
Ibm Rational Policy Tester	Up to 8.5.0.2
Ibm Rational Policy Tester	Version 5.5.0.0
Ibm Rational Policy Tester	Version 5.5.0.1
Ibm Rational Policy Tester	Version 5.5.0.2
Ibm Rational Policy Tester	Version 5.6.0.0
Ibm Rational Policy Tester	Version 5.6.0.1
Ibm Rational Policy Tester	Version 5.6.0.2
Ibm Rational Policy Tester	Version 5.6.0.3
Ibm Rational Policy Tester	Version 8.0.0.0
Ibm Rational Policy Tester	Version 8.0.0.1
Ibm Rational Policy Tester	Version 8.0.0.2
Ibm Rational Policy Tester	Version 8.0.1.0
Ibm Rational Policy Tester	Version 8.0.1.1
Ibm Rational Policy Tester	Version 8.5.0.0
Ibm Rational Policy Tester	Version 8.5.0.1
Ibm Security Appscan	Up to 8.6.0.1