CVSS: 10.0EPSS: 4%CPEs: 14EXPL: 0CVE-2014-6120
https://notcve.org/view.php?id=CVE-2014-6120
12 Apr 2018 — IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow remote attackers to execute arbitrary commands on the installation server via unspecified vectors. IBM X-Force ID: 96721. IBM Rational AppScan Source 8.0 hasta la versión 8.0.0.2 y 8.5 hasta la versión 8.5.0.1; y Security AppScan Source 8.6 hasta la versión 8.6.0.2, 8.7 hasta la versión 8.7.0.1, 8.8, 9.0 hasta la versión 9.0.0... • https://exchange.xforce.ibmcloud.com/vulnerabilities/96721 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2016-3034
https://notcve.org/view.php?id=CVE-2016-3034
01 Feb 2017 — IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily. IBM AppScan Source usa un hash unidireccional sin salt para cifrar información altamente sensible , lo que podría permitir a un atacante local descifrar información con mayor facilidad. • http://www.ibm.com/support/docview.wss?uid=swg21995903 • CWE-326: Inadequate Encryption Strength •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-3035
https://notcve.org/view.php?id=CVE-2016-3035
01 Feb 2017 — IBM AppScan Source could reveal some sensitive information through the browsing of testlinks on the server. IBM AppScan Source podría revelar cierta información sensible a través de la exploración de enlaces de prueba en el servidor. • http://www.ibm.com/support/docview.wss?uid=swg21987325 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 11EXPL: 0CVE-2016-3033
https://notcve.org/view.php?id=CVE-2016-3033
01 Dec 2016 — IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. IBM AppScan Source 8.7 hasta la versión 9.0.3.3 permite a usuarios remotos autenticados leer archivos arbitrarios o provocar una denegación de servicio (consumo de memoria) a través de un documento XML que contiene ... • http://www-01.ibm.com/support/docview.wss?uid=swg21987326 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2014-6123
https://notcve.org/view.php?id=CVE-2014-6123
29 Dec 2014 — IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow local users to obtain sensitive credential information by reading installation logs. IBM Rational AppScan Source 8.0 a través de 8.0.0.2 y 8.5 a través de 8.5.0.1 y Security AppScan Source 8.6 a través de 8.6.0.2, 8.7 a través de 8.7.0.1, 8.8, 9.0 a través de 9.0.0.1, y 9.0.1 permite a usuarios locales obtener información sens... • http://www-01.ibm.com/support/docview.wss?uid=swg21692999 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2014-6121
https://notcve.org/view.php?id=CVE-2014-6121
23 Dec 2014 — Cross-site scripting (XSS) vulnerability in IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Security AppScan Enterprise 8.5 anterior a 8.5 IFix 002, 8.6 anterior a 8.6 IFix 004, 8.7 anterior a 8.7 IFix 004, 8.8 anterior a 8.8 iFix 003, 9.0 anteri... • http://www-01.ibm.com/support/docview.wss?uid=swg21693035 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 9%CPEs: 7EXPL: 0CVE-2014-6119
https://notcve.org/view.php?id=CVE-2014-6119
23 Dec 2014 — IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote attackers to execute arbitrary code via a crafted executable file in an archive. IBM Security AppScan Enterprise 8.5 anterior a 8.5 IFix 002, 8.6 anterior a IFix 004, 8.7 anterior a 8.7 IFix 004, 8.8 anterior a 8.8 iFix 003, 9.0 anterior a 9.0.0.1 iFix 003 y 9.0.1 anterior a 9.0.1 iFix 001 permite a atac... • http://secunia.com/advisories/62012 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2014-6135
https://notcve.org/view.php?id=CVE-2014-6135
23 Dec 2014 — IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote attackers to conduct clickjacking attacks via unspecified vectors. IBM Security AppScan Enterprise 8.5 anterior a 8.5 IFix 002, 8.6 anterior a 8.6 IFix 004, 8.7 anterior a 8.7 IFix 004, 8.8 anterior a 8.8 iFix 003, 9.0 anterior a 9.0.0.1 iFix 003, y 9.0.1 anterior a 9.0.1 iFix 001 permite a atacantes rem... • http://www-01.ibm.com/support/docview.wss?uid=swg21693035 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 0CVE-2014-6122
https://notcve.org/view.php?id=CVE-2014-6122
23 Dec 2014 — IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote authenticated users to write to arbitrary folders, and consequently execute arbitrary commands, via a modified argument. IBM Security AppScan Enterprise 8.5 anterior a 8.5 IFix 002, 8.6 anteriora 8.6 IFix 004, 8.7 anterior a 8.7 IFix 004, 8.8 anterior a 8.8 iFix 003, 9.0 anterior a 9.0.0.1 iFix 003, y 9.... • http://www-01.ibm.com/support/docview.wss?uid=swg21693035 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2014-4812
https://notcve.org/view.php?id=CVE-2014-4812
26 Oct 2014 — The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 has an open network port for a debug service, which allows remote attackers to obtain sensitive information by connecting to this port. El instalador en IBM Security AppScan Source 8.x y 9.x hasta 9.0.1 tiene un puerto de red abierta para un servicio de depuración, lo que permite a atacantes remotos obtener información sensible mediante la conexión a este puerto. • http://www-01.ibm.com/support/docview.wss?uid=swg21686844 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •