Security Bulletin: Cross-Site Request Forgery vulnerability in IBM Security AppScan Standard (CVE-2013-0474)
IBM PSIRT | Tags: psirtsecurity psirtmedium
An attacker could craft a page that captures platform credentials when the page is visited with the manual explore browser plug-in. This could lead to takeover of the test account being used for scanning. Conducting the attack requires specific knowledge of AppScan Standard and the ability to modify the site being tested. The attack can be conducted over the Internet. No authentication is required for this attack.
Affected product(s) & Affected version(s):
· Versions 8.6 through 18.104.22.168 of Security AppScan Standard running on Microsoft Windows
Refer to the following reference URLs for remediation and additional vulnerability details.
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21632346
X-Force Database: http://xforce.iss.net/xforce/xfdb/81338