Vulnerabilities > CVE-2011-1367 - Remote Command Execution vulnerability in IBM Rational AppScan '.scan' file

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

ibm

critical

NVD

Published: 2011-10-30

Updated: 2017-08-17

Summary

Unspecified vulnerability in the File Load feature in IBM Rational AppScan Standard and Express 7.8.x, 7.9.x, and 8.0.x before 8.0.0.3 allows remote attackers to execute arbitrary commands via a crafted .scan file.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Rational Appscan 7.8.0 IBM Rational Appscan 7.8.0.1 IBM Rational Appscan 7.8.0.2 IBM Rational Appscan 7.9.0 IBM Rational Appscan 7.9.0.1 IBM Rational Appscan 7.9.0.2 IBM Rational Appscan 7.9.0.3 IBM Rational Appscan 8.0.0 IBM Rational Appscan 8.0.0.1 IBM Rational Appscan 8.0.0.2	20

References

http://secunia.com/advisories/46326
http://secunia.com/advisories/46329
http://www.securityfocus.com/bid/49989
http://www-01.ibm.com/support/docview.wss?uid=swg21515110
https://exchange.xforce.ibmcloud.com/vulnerabilities/70044