CVE-2012-0738
https://notcve.org/view.php?id=CVE-2012-0738
IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during scanning, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate. IBM Security AppScan Enterprise antes de v8.6.0.2 y Rational Policy Tester Tellows antes de v8.5.0.3 no validan los certificados X.509 durante la exploración, lo que permite a atacantes man-in-the-middle falsificar servidores de su elección a través de un certificado SSL de su elección. • http://www-01.ibm.com/support/docview.wss?uid=swg21620759 http://www-01.ibm.com/support/docview.wss?uid=swg21620760 https://exchange.xforce.ibmcloud.com/vulnerabilities/74578 • CWE-20: Improper Input Validation •
CVE-2012-2173
https://notcve.org/view.php?id=CVE-2012-2173
The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 sends an SHA-1 hash of the connection password during connections to a solidDB database, which allows remote attackers to obtain sensitive information by sniffing the network. El controlador ODBC de IBM Security AppScan Source v7.x y v8.x anterior a v8.6 envía un hash SHA-1 de la contraseña de conexión durante las conexiones a una base de datos solidDB, que permite a atacantes remotos obtener información sensible el tráfico de la red. • http://www.ibm.com/support/docview.wss?uid=swg21598423 https://exchange.xforce.ibmcloud.com/vulnerabilities/75242 • CWE-255: Credentials Management Errors •
CVE-2012-2161
https://notcve.org/view.php?id=CVE-2012-2161
Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en deferredView.jsp in IBM Eclipse Help System (IEHS), tal como se utiliza en IBM Security AppScan Fuente v7.x y v8.x anterior a v8,6 y PASW Data Collection Developer Library v6.0 y v6.0.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un URL malicioso. • http://www.ibm.com/support/docview.wss?uid=swg21596690 http://www.ibm.com/support/docview.wss?uid=swg21598423 https://exchange.xforce.ibmcloud.com/vulnerabilities/74833 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-2159
https://notcve.org/view.php?id=CVE-2012-2159
Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de redirección abierta en IBM Eclipse Help System (IEHS), tal como se utiliza en IBM Security AppScan Fuente v7.x y v8.x anterior a v8,6 y IBM SPSS Data Collection Developer Library v6.0 y v6.0.1 , permite a atacantes remotos redirigir a los usuarios a la web arbitraria sitios y llevar a cabo ataques de phishing a través de vectores no especificados. • http://www.ibm.com/support/docview.wss?uid=swg21596690 http://www.ibm.com/support/docview.wss?uid=swg21598423 https://exchange.xforce.ibmcloud.com/vulnerabilities/74832 • CWE-20: Improper Input Validation •