Security Bulletin: Vulnerabilities in Rational AppScan Enterprise, Rational PolicyTester and Reporting Console
IBM PSIRT 270004PFE3 firstname.lastname@example.org | | Tags:  psirthigh appscan psirtsecurity rational
0 Comments | 1,795 Visits
Multiple vulnerabilities have been addressed in IBM Rational AppScan Enterprise, IBM Rational AppScan Tester Edition, IBM Rational AppScan Reporting Console and IBM Rational Policy Tester. These vulnerabilities include cross-site scripting, cross-site request forgery, spoofing, file upload, and several attacks caused by the impersonation of a service account with administrative privileges
Versions 5.2 through 8.5 of Rational AppScan Enterprise, Rational AppScan Tester Edition, Rational Policy Tester and Rational AppScan Reporting Console running on Microsoft Windows are affected.
CVE(s): CVE-2007-3633, CVE-2012-0729, CVE-2012-0730, CVE-2012-0731, CVE-2012-0732, CVE-2012-0733, CVE-2012-0734, CVE-2012-0735, CVE-2012-0736, CVE-2012-0737
Affected product(s): IBM Rational AppScan Enterprise, IBM Rational AppScan Tester Edition, IBM Rational AppScan Reporting Console, IBM Rational Policy Tester
Affected version(s): 5.4, 5.5, 5.6, 8.0, 8.5
Refer to the following reference URLs for remediation and additional vulnerability details.