IBM Rational AppScan CVE-2013-0511 Unspecified SQL Injection Vulnerabilitiy

Bugtraq ID:	58686
Class:	Input Validation Error
CVE:	CVE-2013-0511
Remote:	Yes
Local:	No
Published:	Mar 25 2013 12:00AM
Updated:	Mar 25 2013 12:00AM
Credit:	Reported by vendor.
Vulnerable:	IBM Rational Policy Tester 8.5.0.1 IBM Rational Policy Tester 8.5 IBM Rational AppScan Enterprise 8.0.1.1 IBM Rational AppScan Enterprise 8.0.1 IBM Rational AppScan Enterprise 8.0.0.1 IBM Rational AppScan Enterprise 8.0.0
Not Vulnerable:

IBM Rational AppScan CVE-2013-0511 Unspecified SQL Injection Vulnerabilitiy

IBM Rational AppScan is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database

IBM Rational AppScan versions 5.6 to 8.6.0.2 are vulnerable.

IBM Rational AppScan CVE-2013-0511 Unspecified SQL Injection Vulnerabilitiy

Attackers can use a browser to exploit this issue.

IBM Rational AppScan CVE-2013-0511 Unspecified SQL Injection Vulnerabilitiy

Solution:
Updates are available. Please see the references or vendor advisory for more information.

IBM Rational AppScan CVE-2013-0511 Unspecified SQL Injection Vulnerabilitiy

References:

• IBM Homepage (IBM)
  
• Rational AppScan Enterprise Homepage (IBM)
  
• Rational Policy Tester family HomePage (IBM)
  
• Security Bulletin: Multiple vulnerabilities in IBM Rational Policy Tester (IBM)
  
• Security Bulletin: Multiple vulnerabilities in IBM Security AppScan Enterprise (IBM)