Vulnerabilities > IBM > Security Appscan > 8.0.11

DATE CVE VULNERABILITY TITLE RISK
2013-03-29 CVE-2013-0474 Information Exposure vulnerability in IBM Rational Policy Tester and Security Appscan
The Manual Explore browser plug-in in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to discover test Platform Authentication credentials via a crafted web site.
network
ibm CWE-200
4.3
4.3
2013-03-29 CVE-2013-0473 Cross-Site Scripting vulnerability in IBM Rational Policy Tester and Security Appscan
Multiple cross-site scripting (XSS) vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allow remote attackers to inject arbitrary web script or HTML via a crafted report.
network
ibm CWE-79
4.3
4.3
2012-12-28 CVE-2012-0741 Improper Input Validation vulnerability in IBM Rational Policy Tester and Security Appscan
IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during use of the Manual Explore Proxy feature, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate.
network
ibm CWE-20
5.8
5.8
2012-12-28 CVE-2012-0738 Improper Input Validation vulnerability in IBM Rational Policy Tester and Security Appscan
IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during scanning, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate.
network
ibm CWE-20
5.8
5.8