IBM Rational Products Multiple Security Vulnerabilities
BID:53247
Info
IBM Rational Products Multiple Security Vulnerabilities
| Bugtraq ID: | 53247 |
| Class: | Unknown |
| CVE: |
CVE-2012-0729 CVE-2012-0730 CVE-2012-0731 CVE-2012-0732 CVE-2012-0733 CVE-2012-0734 CVE-2012-0735 CVE-2012-0736 CVE-2012-0737 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 25 2012 12:00AM |
| Updated: | Apr 25 2012 12:00AM |
| Credit: | Reported by the vendor |
| Vulnerable: |
IBM Rational Policy Tester 8.5 IBM Rational AppScan Reporting Console 8.0.1.1 IBM Rational AppScan Reporting Console 8.0.1 IBM Rational AppScan Reporting Console 5.5.0.2 IBM Rational AppScan Reporting Console 5.2 IBM Rational AppScan Enterprise 8.0.1.1 IBM Rational AppScan Enterprise 8.0.1 IBM Rational AppScan Enterprise 8.0.0.1 IBM Rational AppScan Enterprise 8.0.0 IBM Rational AppScan Enterprise 5.5.0.2 IBM Rational AppScan Enterprise 5.5 Fix Pack 1 IBM Rational AppScan Enterprise 5.5 IBM Rational AppScan Enterprise 5.2 |
| Not Vulnerable: |
IBM Rational Policy Tester 8.5.0.1 IBM Rational AppScan Reporting Console 8.5.0.1 IBM Rational AppScan Enterprise 8.5.0.1 |
Discussion
IBM Rational Products Multiple Security Vulnerabilities
IBM Rational Products are prone to multiple security vulnerabilities, including:
1. An arbitrary-file-upload vulnerability
2. An arbitrary-file-download vulnerability
3. An HTML-injection vulnerability
4. Multiple information-disclosure vulnerabilities
5. A session-hijacking vulnerability
6. A cross-site request-forgery vulnerability
7. An arbitrary-code-execution vulnerability
8. A security-bypass vulnerability
Exploiting these vulnerabilities may allow an attacker to harvest sensitive information, gain unauthorized access, download arbitrary files, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, perform unauthorized actions and man-in-the-middle attacks, or impersonate trusted servers. This may aid in launching further attacks.
IBM Rational Products are prone to multiple security vulnerabilities, including:
1. An arbitrary-file-upload vulnerability
2. An arbitrary-file-download vulnerability
3. An HTML-injection vulnerability
4. Multiple information-disclosure vulnerabilities
5. A session-hijacking vulnerability
6. A cross-site request-forgery vulnerability
7. An arbitrary-code-execution vulnerability
8. A security-bypass vulnerability
Exploiting these vulnerabilities may allow an attacker to harvest sensitive information, gain unauthorized access, download arbitrary files, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, perform unauthorized actions and man-in-the-middle attacks, or impersonate trusted servers. This may aid in launching further attacks.
Exploit / POC
IBM Rational Products Multiple Security Vulnerabilities
An attacker can use a web browser to exploit some of these issues.
To exploit a cross-site scripting or cross-site request forgery vulnerability, an attacker must entice an unsuspecting user to follow a malicious URI.
An attacker can use a web browser to exploit some of these issues.
To exploit a cross-site scripting or cross-site request forgery vulnerability, an attacker must entice an unsuspecting user to follow a malicious URI.
Solution / Fix
IBM Rational Products Multiple Security Vulnerabilities
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.