CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2015-1952
https://notcve.org/view.php?id=CVE-2015-1952
Cross-site scripting (XSS) vulnerability in IBM AppScan Enterprise Edition 9.0.x before 9.0.2 iFix 001 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 103416. Vulnerabilidad de Cross-Site Scripting (XSS) en versiones 9.0.x anteriores a la 9.0.2 iFix 001 de IBM AppScan Enterprise Edition permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados. IBM X-Force ID: 103416. • http://www-01.ibm.com/support/docview.wss?uid=swg21883124 https://exchange.xforce.ibmcloud.com/vulnerabilities/103416 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 10EXPL: 0CVE-2016-9981
https://notcve.org/view.php?id=CVE-2016-9981
IBM AppScan Enterprise Edition 9.0 contains an unspecified vulnerability that could allow an attacker to hijack a valid user's session. IBM X-Force ID: 120257 IBM AppScan Enterprise Edition 9.0 incluye una vulnerabilidad no especificada que podría permitir a un atacante secuestrar una sesión de usuario válida. IBM X-Force ID: 120257 • http://www.ibm.com/support/docview.wss?uid=swg22006430 http://www.securitytracker.com/id/1039073 https://exchange.xforce.ibmcloud.com/vulnerabilities/120257 • CWE-384: Session Fixation •
CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0CVE-2016-6042
https://notcve.org/view.php?id=CVE-2016-6042
IBM AppScan Enterprise Edition could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of objects in memory. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system in the same context as the victim. IBM AppScan Enterprise Edition podría permitir a un atacante remoto ejecutar código arbitrario en el sistema, provocado por manipulación indebida de objetos en memoria. Al persuadir a una víctima para abrir un contenido especialmente manipulado, un atacante podría explotar esta vulnerabilidad para ejecutar código arbitrario en el sistema en el mismo contexto que la víctima. • http://www.ibm.com/support/docview.wss?uid=swg21995118 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2016-0288
https://notcve.org/view.php?id=CVE-2016-0288
IBM Security AppScan Standard 8.7.x, 8.8.x, and 9.x before 9.0.3.2 and Security AppScan Enterprise allow remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. IBM Security AppScan Standard 8.7.x, 8.8.x y 9.x en versiones anteriores a 9.0.3.2 y Security AppScan Enterprise permiten a usuarios remotos autenticados leer archivos arbitrarios a través de un documento XML que contiene una declaración de entidad externa en conjunción con una referencia de entidad, relacionado con un problema XML External Entity (XXE). • http://www-01.ibm.com/support/docview.wss?uid=swg21980055 http://www.securitytracker.com/id/1035927 •
CVSS: 5.8EPSS: 0%CPEs: 15EXPL: 0CVE-2014-8918
https://notcve.org/view.php?id=CVE-2014-8918
IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. IBM Security AppScan Standard 8.x y 9.x anterior a 9.0.1.1 FP1 no verifica correctamente los certificados X.509 de servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores y obtener información información sensible a través de un certificado manipulado. • http://www-01.ibm.com/support/docview.wss?uid=swg21695170 https://exchange.xforce.ibmcloud.com/vulnerabilities/99304 • CWE-310: Cryptographic Issues •