15 results (0.009 seconds)

CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM AppScan Enterprise Edition 9.0.x before 9.0.2 iFix 001 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 103416. Vulnerabilidad de Cross-Site Scripting (XSS) en versiones 9.0.x anteriores a la 9.0.2 iFix 001 de IBM AppScan Enterprise Edition permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados. IBM X-Force ID: 103416. • http://www-01.ibm.com/support/docview.wss?uid=swg21883124 https://exchange.xforce.ibmcloud.com/vulnerabilities/103416 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0

IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow remote attackers to execute arbitrary commands on the installation server via unspecified vectors. IBM X-Force ID: 96721. IBM Rational AppScan Source 8.0 hasta la versión 8.0.0.2 y 8.5 hasta la versión 8.5.0.1; y Security AppScan Source 8.6 hasta la versión 8.6.0.2, 8.7 hasta la versión 8.7.0.1, 8.8, 9.0 hasta la versión 9.0.0.1 y 9.0.1 permiten que atacantes remotos ejecuten comandos arbitrarios en el servidor de instalación mediante vectores sin especificar. IBM X-Force ID: 96721. • https://exchange.xforce.ibmcloud.com/vulnerabilities/96721 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0

IBM Security AppScan Standard 8.7.x, 8.8.x, and 9.x before 9.0.3.2 and Security AppScan Enterprise allow remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. IBM Security AppScan Standard 8.7.x, 8.8.x y 9.x en versiones anteriores a 9.0.3.2 y Security AppScan Enterprise permiten a usuarios remotos autenticados leer archivos arbitrarios a través de un documento XML que contiene una declaración de entidad externa en conjunción con una referencia de entidad, relacionado con un problema XML External Entity (XXE). • http://www-01.ibm.com/support/docview.wss?uid=swg21980055 http://www.securitytracker.com/id/1035927 •

CVSS: 5.0EPSS: 0%CPEs: 15EXPL: 0

IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 supports unencrypted sessions, which allows remote attackers to obtain sensitive information by sniffing the network. IBM Security AppScan Standard 8.x y 9.x anterior a 9.0.1.1 FP1 soporta sesiones no codificadas, lo que permite a atacantes remotos obtener información sensible mediante la captura de trafico de la red. • http://www-01.ibm.com/support/docview.wss?uid=swg21695170 https://exchange.xforce.ibmcloud.com/vulnerabilities/96816 • CWE-310: Cryptographic Issues •

CVSS: 5.8EPSS: 0%CPEs: 15EXPL: 0

IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. IBM Security AppScan Standard 8.x y 9.x anterior a 9.0.1.1 FP1 no verifica correctamente los certificados X.509 de servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores y obtener información información sensible a través de un certificado manipulado. • http://www-01.ibm.com/support/docview.wss?uid=swg21695170 https://exchange.xforce.ibmcloud.com/vulnerabilities/99304 • CWE-310: Cryptographic Issues •