CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2015-1952
https://notcve.org/view.php?id=CVE-2015-1952
16 Apr 2018 — Cross-site scripting (XSS) vulnerability in IBM AppScan Enterprise Edition 9.0.x before 9.0.2 iFix 001 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 103416. Vulnerabilidad de Cross-Site Scripting (XSS) en versiones 9.0.x anteriores a la 9.0.2 iFix 001 de IBM AppScan Enterprise Edition permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados. IBM X-Force ID: 103416. • http://www-01.ibm.com/support/docview.wss?uid=swg21883124 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 15EXPL: 0CVE-2014-8918
https://notcve.org/view.php?id=CVE-2014-8918
02 Feb 2015 — IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. IBM Security AppScan Standard 8.x y 9.x anterior a 9.0.1.1 FP1 no verifica correctamente los certificados X.509 de servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores y obtener información información sensible a través de un certificado man... • http://www-01.ibm.com/support/docview.wss?uid=swg21695170 • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2014-6136
https://notcve.org/view.php?id=CVE-2014-6136
02 Feb 2015 — IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 supports unencrypted sessions, which allows remote attackers to obtain sensitive information by sniffing the network. IBM Security AppScan Standard 8.x y 9.x anterior a 9.0.1.1 FP1 soporta sesiones no codificadas, lo que permite a atacantes remotos obtener información sensible mediante la captura de trafico de la red. • http://www-01.ibm.com/support/docview.wss?uid=swg21695170 • CWE-310: Cryptographic Issues •
CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2014-6121
https://notcve.org/view.php?id=CVE-2014-6121
23 Dec 2014 — Cross-site scripting (XSS) vulnerability in IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Security AppScan Enterprise 8.5 anterior a 8.5 IFix 002, 8.6 anterior a 8.6 IFix 004, 8.7 anterior a 8.7 IFix 004, 8.8 anterior a 8.8 iFix 003, 9.0 anteri... • http://www-01.ibm.com/support/docview.wss?uid=swg21693035 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 0CVE-2014-6122
https://notcve.org/view.php?id=CVE-2014-6122
23 Dec 2014 — IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote authenticated users to write to arbitrary folders, and consequently execute arbitrary commands, via a modified argument. IBM Security AppScan Enterprise 8.5 anterior a 8.5 IFix 002, 8.6 anteriora 8.6 IFix 004, 8.7 anterior a 8.7 IFix 004, 8.8 anterior a 8.8 iFix 003, 9.0 anterior a 9.0.0.1 iFix 003, y 9.... • http://www-01.ibm.com/support/docview.wss?uid=swg21693035 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 9%CPEs: 7EXPL: 0CVE-2014-6119
https://notcve.org/view.php?id=CVE-2014-6119
23 Dec 2014 — IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote attackers to execute arbitrary code via a crafted executable file in an archive. IBM Security AppScan Enterprise 8.5 anterior a 8.5 IFix 002, 8.6 anterior a IFix 004, 8.7 anterior a 8.7 IFix 004, 8.8 anterior a 8.8 iFix 003, 9.0 anterior a 9.0.0.1 iFix 003 y 9.0.1 anterior a 9.0.1 iFix 001 permite a atac... • http://secunia.com/advisories/62012 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2014-6135
https://notcve.org/view.php?id=CVE-2014-6135
23 Dec 2014 — IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote attackers to conduct clickjacking attacks via unspecified vectors. IBM Security AppScan Enterprise 8.5 anterior a 8.5 IFix 002, 8.6 anterior a 8.6 IFix 004, 8.7 anterior a 8.7 IFix 004, 8.8 anterior a 8.8 iFix 003, 9.0 anterior a 9.0.0.1 iFix 003, y 9.0.1 anterior a 9.0.1 iFix 001 permite a atacantes rem... • http://www-01.ibm.com/support/docview.wss?uid=swg21693035 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-4806
https://notcve.org/view.php?id=CVE-2014-4806
29 Aug 2014 — The installation process in IBM Security AppScan Enterprise 8.x before 8.6.0.2 iFix 003, 8.7.x before 8.7.0.1 iFix 003, 8.8.x before 8.8.0.1 iFix 002, and 9.0.x before 9.0.0.1 iFix 001 on Linux places a cleartext password in a temporary file, which allows local users to obtain sensitive information by reading this file. El proceso de instalación en IBM Security AppScan Enterprise 8.x anterior a 8.6.0.2 iFix 003, 8.7.x anterior a 8.7.0.1 iFix 003, 8.8.x anterior a 8.8.0.1 iFix 002, y 9.0.x anterior a 9.0.0.1... • http://www-01.ibm.com/support/docview.wss?uid=swg21682642 • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.8EPSS: 3%CPEs: 6EXPL: 0CVE-2014-0904
https://notcve.org/view.php?id=CVE-2014-0904
26 Mar 2014 — The update process in IBM Security AppScan Standard 7.9 through 8.8 does not require integrity checks of downloaded files, which allows remote attackers to execute arbitrary code via a crafted file. El proceso de actualización en IBM Security AppScan Standard 7.9 hasta 8.8 no requiere comprobaciones de integridad de archivos descargados, lo que permite a atacantes remotos ejecutar código arbitrario a través de un archivo manipulado. • http://www-01.ibm.com/support/docview.wss?uid=swg21666775 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5450
https://notcve.org/view.php?id=CVE-2013-5450
13 Nov 2013 — IBM Security AppScan Enterprise 8.5 through 8.7.0.1, when Jazz authentication is enabled, allows man-in-the-middle attackers to obtain sensitive information or modify data by leveraging an improperly protected URL to obtain a session token. IBM Security AppScan Enterprise 8.5 hasta la versión 8.7.0.1, cuando la autenticación de Jazz está activada, permite a atacantes man-in-the-middle obtener información sensible o modificar datos mediante el aprovechamiento de una URL protegida indebidamente para obtener e... • http://www-01.ibm.com/support/docview.wss?uid=swg21655578 • CWE-255: Credentials Management Errors •