Page 5 of 26 results (0.011 seconds)

CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allow remote attackers to inject arbitrary web script or HTML via a crafted report. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en IBM Security AppScan Enterprise v5.6 y v8.x anterior a v8.7 e IBM Rational Policy Tester v5.6 y v8.x anterior a v8.5.0.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de reportes manipulados. • http://www-01.ibm.com/support/docview.wss?uid=swg21626264 http://www-01.ibm.com/support/docview.wss?uid=swg21631304 https://exchange.xforce.ibmcloud.com/vulnerabilities/81337 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 22EXPL: 0

Cross-site request forgery (CSRF) vulnerability in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that cause a denial of service via malformed HTTP data. Vulnerabilidad de falsificación de peticiones en sitios cruzados (CSRF) en IBM Security AppScan Enterprise v5.6 y v8.x anterior a v8.7 y IBM Rational Policy Tester v5.6 y v8.x anterior a v8.5.0.4 permite a atacantes remotos secuestrar la autenticación de usuarios de su elección para peticiones que provocan una denegación de servicio a través de HTTP con formato incorrecto de datos. • http://www-01.ibm.com/support/docview.wss?uid=swg21626264 http://www-01.ibm.com/support/docview.wss?uid=swg21631304 https://exchange.xforce.ibmcloud.com/vulnerabilities/82595 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0

The Manual Explore browser plug-in in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to discover test Platform Authentication credentials via a crafted web site. El complemento de navegador Manual Explore en IBM Security AppScan Enterprise v5.6 y v8.x anterior a v8.7 e IBM Rational Policy Tester v5.6 y v8.x anterior a v8.5.0.4 que permite a atacantes remotos descubrir la prueba de Platform Authentication de credenciales a través de sitios web manipulados. • http://www-01.ibm.com/support/docview.wss?uid=swg21626264 http://www-01.ibm.com/support/docview.wss?uid=swg21631304 https://exchange.xforce.ibmcloud.com/vulnerabilities/81338 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.2EPSS: 0%CPEs: 22EXPL: 0

IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 create a service that lacks " (double quote) characters in the service path, which allows local users to gain privileges via a Trojan horse program, related to an "Unquoted Service Path Enumeration" vulnerability. IBM Security AppScan Enterprise v5.6 y v8.x anterior a v8.7 y IBM Rational Policy Tester v5.6 y v8.x anterior a v8.5.0.4 crea un servicio que le falta "(comillas dobles) caracter en la ruta del servicio, lo que permite a usuarios locales obtener privilegios a través de un Troyano, relacionado con una vulnerabilidad "Unquoted Service Path Enumeration". • http://www-01.ibm.com/support/docview.wss?uid=swg21626264 http://www-01.ibm.com/support/docview.wss?uid=swg21631304 https://exchange.xforce.ibmcloud.com/vulnerabilities/82594 •

CVSS: 5.8EPSS: 0%CPEs: 25EXPL: 0

IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during use of the Manual Explore Proxy feature, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate. IBM Security AppScan Enterprise antes de v8.6.0.2 y Rational Policy Tester Tellows antes de v8.5.0.3 no validan los certificados X.509 durante el uso de la fuincionalidad proxy manual de exploración, lo que permite atacantes 'man-in-the-middle' falsificar servidores SSL de su elección usando cualquier certificado. • http://www-01.ibm.com/support/docview.wss?uid=swg21620759 http://www-01.ibm.com/support/docview.wss?uid=swg21620760 https://exchange.xforce.ibmcloud.com/vulnerabilities/74142 • CWE-20: Improper Input Validation •