
CVSS: 1.7 | EPSS: 0% | CPEs: 16 | EXPL: 0

IBM Security AppScan Enterprise before 8.7 does not invalidate the session context upon a logout action, which allows remote attackers to hijack sessions by leveraging an unattended workstation.
• http://www-01.ibm.com/support/docview.wss?uid=swg21640352
• https://exchange.xforce.ibmcloud.com/vulnerabilities/84066
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 4.3 | EPSS: 0% | CPEs: 12 | EXPL: 0

IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 includes a security test that sends session cookies to a specific external server, which allows man-in-the-middle attackers to hijack the test account by capturing these cookies.
• http://www-01.ibm.com/support/docview.wss?uid=swg21626264
• https://exchange.xforce.ibmcloud.com/vulnerabilities/82592
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.5 | EPSS: 0% | CPEs: 12 | EXPL: 0

Multiple SQL injection vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified parameters.
• http://www-01.ibm.com/support/docview.wss?uid=swg21626264
• https://exchange.xforce.ibmcloud.com/vulnerabilities/82344
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.3 | EPSS: 0% | CPEs: 22 | EXPL: 0

Stack-based buffer overflow in the Manual Explore browser plug-in for Firefox in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to cause a denial of service (plug-in crash) via a crafted web page.
• http://www-01.ibm.com/support/docview.wss?uid=swg21626264
• http://www-01.ibm.com/support/docview.wss?uid=swg21631304
• https://exchange.xforce.ibmcloud.com/vulnerabilities/82593
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 4.3 | EPSS: 0% | CPEs: 22 | EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allow remote attackers to inject arbitrary web script or HTML via a crafted report.
• http://www-01.ibm.com/support/docview.wss?uid=swg21626264
• http://www-01.ibm.com/support/docview.wss?uid=swg21631304
• https://exchange.xforce.ibmcloud.com/vulnerabilities/81337
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')