VYPR

Security Appscan Source

by IBM

CVEs (18)

  • CVE-2014-6120 · Critical · Apr 12, 2018
    risk 0.64 · cvss 9.8 · epss 0.05

    IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow remote attackers to execute arbitrary commands on the installation server via unspecified…

  • CVE-2016-3033 · High · Dec 1, 2016
    risk 0.53 · cvss 8.1 · epss 0.01

    IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External…

  • CVE-2016-3035 · Medium · Feb 1, 2017
    risk 0.35 · cvss 5.3 · epss 0.01

    IBM AppScan Source could reveal some sensitive information through the browsing of testlinks on the server.

  • CVE-2016-3034 · Medium · Feb 1, 2017
    risk 0.29 · cvss 4.4 · epss 0.00

    IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily.

  • CVE-2024-30149 · Oct 31, 2024
    risk 0.00 · cvss (none listed) · epss 0.00

    HCL AppScan Source <= 10.6.0 does not properly validate a TLS/SSL certificate for an executable.

  • CVE-2019-4388 · Dec 18, 2019
    risk 0.00 · cvss (none listed) · epss 0.01

    HCL AppScan Source 9.0.3.13 and earlier is susceptible to cross-site scripting (XSS) attacks by allowing users to embed arbitrary JavaScript code in the Web UI.

  • CVE-2019-16188 · Sep 25, 2019
    risk 0.00 · cvss (none listed) · epss 0.01

    HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations. In particular, an attacker can send a specially crafted .ozasmt file to a targeted victim and ask the victim to open it. When the victim imports the .ozasmt file in…

  • CVE-2014-6123 · Dec 29, 2014
    risk 0.00 · cvss (none listed) · epss 0.00

    IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow local users to obtain sensitive credential information by reading installation logs.

  • CVE-2014-6135 · Dec 23, 2014
    risk 0.00 · cvss (none listed) · epss 0.01

    IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

  • CVE-2014-6122 · Dec 23, 2014
    risk 0.00 · cvss (none listed) · epss 0.02

    IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote authenticated users to write to arbitrary folders, and consequently…

  • CVE-2014-6121 · Dec 23, 2014
    risk 0.00 · cvss (none listed) · epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote authenticated users to…

  • CVE-2014-6119 · Dec 23, 2014
    risk 0.00 · cvss (none listed) · epss 0.04

    IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote attackers to execute arbitrary code via a crafted executable file in an…

  • CVE-2014-4812 · Oct 26, 2014
    risk 0.00 · cvss (none listed) · epss 0.00

    The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 has an open network port for a debug service, which allows remote attackers to obtain sensitive information by connecting to this port.

  • CVE-2014-3072 · Aug 12, 2014
    risk 0.00 · cvss (none listed) · epss 0.00

    Unspecified vulnerability in the Automation Server in IBM Security AppScan Source 8 through 8.0.0.2, 8.5 through 8.5.0.1, 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, and 9.0 through 9.0.0.1 allows local users to gain privileges by executing a crafted service.

  • CVE-2014-0936 · Jun 8, 2014
    risk 0.00 · cvss (none listed) · epss 0.01

    IBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly restricted for the configured database server, transmits cleartext assessment data, which allows remote attackers to obtain sensitive information by sniffing the network.

  • CVE-2012-2173 · Jun 20, 2012
    risk 0.00 · cvss (none listed) · epss 0.01

    The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 sends an SHA-1 hash of the connection password during connections to a solidDB database, which allows remote attackers to obtain sensitive information by sniffing the network.

  • CVE-2012-2161 · Jun 20, 2012
    risk 0.00 · cvss (none listed) · epss 0.02

    Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to inject arbitrary web script or…

  • CVE-2012-2159 · Jun 20, 2012
    risk 0.00 · cvss (none listed) · epss 0.02

    Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing…