Page 4 of 27 results (0.012 seconds)

CVSS: 3.5EPSS: 0%CPEs: 13EXPL: 0

IBM Security AppScan Enterprise 8.x before 8.8 sends a cleartext AppScan Source database password in a response, which allows remote authenticated users to obtain sensitive information, and subsequently conduct man-in-the-middle attacks, by examining the response content. IBM Security AppScan Enterprise 8.x anterior a 8.8 envía a la base de datos AppScan Source una contraseña sin cifrar en una respuesta, que permite a los usuarios autenticados remotos obtener información sensible, y, posteriormente, llevar a cabo ataques man-in-the-middle, examinando el contenido de la respuesta. • http://www-01.ibm.com/support/docview.wss?uid=swg21653287 https://exchange.xforce.ibmcloud.com/vulnerabilities/84975 • CWE-310: Cryptographic Issues •

CVSS: 5.0EPSS: 0%CPEs: 17EXPL: 0

The SSL implementation in IBM Security AppScan Enterprise before 8.7.0.1 enables cipher suites with weak encryption algorithms, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. La implementación SSL en IBM Security AppScan Enterprise anteriores a 8.7.0.1 activa suites de cifrado con algorimtos de cifrado débiles, lo cual facilita a atacantes remotos obtener información sensible mediante la captura de datos en la red. • http://www-01.ibm.com/support/docview.wss?uid=swg21640352 https://exchange.xforce.ibmcloud.com/vulnerabilities/84707 • CWE-310: Cryptographic Issues •

CVSS: 1.7EPSS: 0%CPEs: 16EXPL: 0

IBM Security AppScan Enterprise before 8.7 does not invalidate the session context upon a logout action, which allows remote attackers to hijack sessions by leveraging an unattended workstation. IBM Security AppScan Enterprise anteriores a 8.7 no invalida el contexto de sesión en una acción de cierre de sesión, lo que permite a atacantes remotos secuestrar sesiones aprovechando estaciones de trabajo desatendidas. • http://www-01.ibm.com/support/docview.wss?uid=swg21640352 https://exchange.xforce.ibmcloud.com/vulnerabilities/84066 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0

IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 includes a security test that sends session cookies to a specific external server, which allows man-in-the-middle attackers to hijack the test account by capturing these cookies. IBM Securiity AppScan Enterprise v5.6 y v8.x anterior a v8.7 que incluye una prueba de seguridad que evía cookies de sesión a un servidor externo específico, lo que permite a ataques man-in-the-middle secuestrar la cuenta de la prueba capturando esas cookies. • http://www-01.ibm.com/support/docview.wss?uid=swg21626264 https://exchange.xforce.ibmcloud.com/vulnerabilities/82592 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0

Multiple SQL injection vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified parameters. Múltiples vulnerabilidades de inyección SQL en IBM Security AppScan Enterprise v5.6 y v8.x anterior a v8.7 que permite a usuarios autenticados ejecutar código arbitrario SQL a través de parámetros sin especificar. • http://www-01.ibm.com/support/docview.wss?uid=swg21626264 https://exchange.xforce.ibmcloud.com/vulnerabilities/82344 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •