CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2013-4062
https://notcve.org/view.php?id=CVE-2013-4062
IBM Rational Policy Tester 8.5 before 8.5.0.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof Jazz Team servers, obtain sensitive information, and modify the client-server data stream via a crafted certificate. IBM Rational Policy Tester 8.5 anterior a 8.5.0.5 no verifica apropiadamente certificados X.509 desde servidores SSL, lo que permite a atacantes man-in-the-middle falsear servidores Jazz Team, obtener información sensible y modificar el flujo de datos cliente-servidor a través de un certificado manipulado. • http://www-01.ibm.com/support/docview.wss?uid=swg21648481 https://exchange.xforce.ibmcloud.com/vulnerabilities/86586 • CWE-310: Cryptographic Issues •
CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0CVE-2013-4061
https://notcve.org/view.php?id=CVE-2013-4061
IBM Rational Policy Tester 8.5 before 8.5.0.5 does not properly check authorization for changes to the set of authentication hosts, which allows remote authenticated users to perform spoofing attacks involving an HTTP redirect via unspecified vectors. IBM Rational Policy Tester 8.5 anteriores a 8.5.0.5 no comprueba apropiadamente la autorización de cambios en el conjunto de hosts de autentificación, lo que permite a usuarios remotos autentificados realizar ataques de falseamiento que impliquen una redirección HTTP a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21648481 https://exchange.xforce.ibmcloud.com/vulnerabilities/86585 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0CVE-2013-0474
https://notcve.org/view.php?id=CVE-2013-0474
The Manual Explore browser plug-in in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to discover test Platform Authentication credentials via a crafted web site. El complemento de navegador Manual Explore en IBM Security AppScan Enterprise v5.6 y v8.x anterior a v8.7 e IBM Rational Policy Tester v5.6 y v8.x anterior a v8.5.0.4 que permite a atacantes remotos descubrir la prueba de Platform Authentication de credenciales a través de sitios web manipulados. • http://www-01.ibm.com/support/docview.wss?uid=swg21626264 http://www-01.ibm.com/support/docview.wss?uid=swg21631304 https://exchange.xforce.ibmcloud.com/vulnerabilities/81338 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0CVE-2013-0473
https://notcve.org/view.php?id=CVE-2013-0473
Multiple cross-site scripting (XSS) vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allow remote attackers to inject arbitrary web script or HTML via a crafted report. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en IBM Security AppScan Enterprise v5.6 y v8.x anterior a v8.7 e IBM Rational Policy Tester v5.6 y v8.x anterior a v8.5.0.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de reportes manipulados. • http://www-01.ibm.com/support/docview.wss?uid=swg21626264 http://www-01.ibm.com/support/docview.wss?uid=swg21631304 https://exchange.xforce.ibmcloud.com/vulnerabilities/81337 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 22EXPL: 0CVE-2013-0532
https://notcve.org/view.php?id=CVE-2013-0532
Cross-site request forgery (CSRF) vulnerability in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that cause a denial of service via malformed HTTP data. Vulnerabilidad de falsificación de peticiones en sitios cruzados (CSRF) en IBM Security AppScan Enterprise v5.6 y v8.x anterior a v8.7 y IBM Rational Policy Tester v5.6 y v8.x anterior a v8.5.0.4 permite a atacantes remotos secuestrar la autenticación de usuarios de su elección para peticiones que provocan una denegación de servicio a través de HTTP con formato incorrecto de datos. • http://www-01.ibm.com/support/docview.wss?uid=swg21626264 http://www-01.ibm.com/support/docview.wss?uid=swg21631304 https://exchange.xforce.ibmcloud.com/vulnerabilities/82595 • CWE-352: Cross-Site Request Forgery (CSRF) •