Rational Appscan

rational_appscan

Vendor: Ibm • 13 CVEs

CVEs (13)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2012-0737 1Ibm 1Rational Appscan Apr 29, 2026 May 3, 2012 N/A· v4 N/A· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-0736 1Ibm 1Rational Appscan Apr 29, 2026 May 3, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly create scan jobs, which allows remote attackers to execute arbitrary code via a crafted web site.
CVE-2012-0735 1Ibm 1Rational Appscan Apr 29, 2026 May 3, 2012 N/A· v4 N/A· v3 7.6 HIGH· v2 IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a craft...Show more IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted URI.Show less
CVE-2012-0734 1Ibm 1Rational Appscan Apr 29, 2026 May 3, 2012 N/A· v4 N/A· v3 7.6 HIGH· v2 IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly import jobs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted j...Show more IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly import jobs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted job.Show less
CVE-2012-0733 1Ibm 1Rational Appscan Apr 29, 2026 May 3, 2012 N/A· v4 N/A· v3 6.0 MEDIUM· v2 IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a session associated with the...Show more IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a session associated with the service account.Show less
CVE-2012-0732 1Ibm 1Rational Appscan Apr 29, 2026 May 3, 2012 N/A· v4 N/A· v3 5.8 MEDIUM· v2 The Enterprise Console client in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensit...Show more The Enterprise Console client in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.Show less
CVE-2012-0731 1Ibm 1Rational Appscan Apr 29, 2026 May 3, 2012 N/A· v4 N/A· v3 6.8 MEDIUM· v2 IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not prevent service-account impersonation, which allows remote authenticated users to read arbitrary files via unspecified vectors.
CVE-2012-0730 1Ibm 1Rational Appscan Apr 29, 2026 May 3, 2012 N/A· v4 N/A· v3 6.0 MEDIUM· v2 Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allow remote attackers to hijack the authentication of administrators for requests that create admi...Show more Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allow remote attackers to hijack the authentication of administrators for requests that create administrative accounts.Show less
CVE-2012-0729 1Ibm 1Rational Appscan Apr 29, 2026 May 3, 2012 N/A· v4 N/A· v3 6.0 MEDIUM· v2 Unrestricted file upload vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to execute arbitrary ASP.NET code by uploading a .aspx file, and then accessing it vi...Show more Unrestricted file upload vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to execute arbitrary ASP.NET code by uploading a .aspx file, and then accessing it via unspecified vectors.Show less
CVE-2011-1367 1Ibm 1Rational Appscan Apr 29, 2026 Oct 30, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 Unspecified vulnerability in the File Load feature in IBM Rational AppScan Standard and Express 7.8.x, 7.9.x, and 8.0.x before 8.0.0.3 allows remote attackers to execute arbitrary commands via a crafted .scan file.
CVE-2011-1366 1Ibm 1Rational Appscan Apr 29, 2026 Oct 30, 2011 N/A· v4 N/A· v3 8.8 HIGH· v2 Unspecified vulnerability in the Import feature in IBM Rational AppScan Enterprise and AppScan Reporting Console 5.2 through 7.9.x and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary commands on an agent...Show more Unspecified vulnerability in the Import feature in IBM Rational AppScan Enterprise and AppScan Reporting Console 5.2 through 7.9.x and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary commands on an agent server via a crafted ZIP archive.Show less
CVE-2009-3745 1Ibm 1Rational Appscan Apr 23, 2026 Oct 22, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the help pages in IBM Rational AppScan Enterprise Edition 5.5.0.2 allows remote attackers to inject arbitrary web script or HTML via the query string.
CVE-2009-1056 1Ibm 1Rational Appscan Apr 23, 2026 Mar 24, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 IBM Rational AppScan Enterprise before 5.5 FP1 allows remote attackers to read arbitrary exported reports by "forcefully browsing."