Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0738

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2012-0738
Last Modified 11 Jan 2013 12:00:00
Published 28 Dec 2012 06:48:44
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-0738

Summary

IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during scanning, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate.

Vulnerable Systems

Application

  • Ibm Rational Policy Tester 5.4.0.1

  • Ibm Rational Policy Tester 5.5

  • Ibm Rational Policy Tester 5.5.0.0

  • Ibm Rational Policy Tester 5.5.0.1

  • Ibm Rational Policy Tester 5.5.0.2

  • Ibm Rational Policy Tester 5.6

  • Ibm Rational Policy Tester 5.6.0.0

  • Ibm Rational Policy Tester 5.6.0.1

  • Ibm Rational Policy Tester 5.6.0.2

  • Ibm Rational Policy Tester 5.6.0.3

  • Ibm Rational Policy Tester 8.0

  • Ibm Rational Policy Tester 8.0.0.0

  • Ibm Rational Policy Tester 8.0.0.1

  • Ibm Rational Policy Tester 8.0.0.2

  • Ibm Rational Policy Tester 8.0.1.0

  • Ibm Rational Policy Tester 8.0.1.1

  • Ibm Rational Policy Tester 8.5

  • Ibm Rational Policy Tester 8.5.0.0

  • Ibm Rational Policy Tester 8.5.0.1

  • Ibm Rational Policy Tester 8.5.0.2

  • Ibm Security Appscan 5.4

  • Ibm Security Appscan 5.5

  • Ibm Security Appscan 5.6

  • Ibm Security Appscan 6.0.0.0

  • Ibm Security Appscan 6.0.1.0

  • Ibm Security Appscan 6.0.2.0

  • Ibm Security Appscan 6.1.1.0

  • Ibm Security Appscan 8.0

  • Ibm Security Appscan 8.0.0.0

  • Ibm Security Appscan 8.0.0.1

  • Ibm Security Appscan 8.5

  • Ibm Security Appscan 8.5.0.0

  • Ibm Security Appscan 8.5.0.1

  • Ibm Security Appscan 8.6

  • Ibm Security Appscan 8.6.0.0

  • Ibm Security Appscan 8.6.0.1


References

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21620760

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21620759

XF - appscan-scan-spoofing(74578)


Last Updated: 27 May 2016 11:01:36