CVE-2011-1366

Current Description

Unspecified vulnerability in the Import feature in IBM Rational AppScan Enterprise and AppScan Reporting Console 5.2 through 7.9.x and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary commands on an agent server via a crafted ZIP archive.

Basic Data

Published: October 30, 2011
Last Modified: August 17, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-noinfo
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:N/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 8.8
Severity: HIGH
Exploitability Score: 8.6
Impact Score: 9.2
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
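    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Ibm | Rational Appscan | 5.2 | * | enterprise | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 5.4 | * | enterprise | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 5.5 | * | enterprise | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 5.5.0 | * | enterprise | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 5.5.0.1 | * | enterprise | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 5.5.0.2 | * | enterprise | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 5.6.0 | * | enterprise | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 5.6.0.3 | * | enterprise | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 7.7.0 | * | enterprise | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 7.7.0.1 | * | enterprise | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 7.7.0.2 | * | enterprise | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 7.8.0 | * | enterprise | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 7.8.0.1 | * | enterprise | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 7.8.0.2 | * | enterprise | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 7.9.0 | * | enterprise | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 7.9.0.1 | * | enterprise | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 7.9.0.2 | * | enterprise | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 7.9.0.3 | * | enterprise | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 8.0.0 | * | enterprise | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 8.0.0.1 | * | enterprise | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 8.0.0.2 | * | enterprise | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 8.0.1 | * | enterprise | * | * | * | * | * | | | |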
  • OR - Configuration 2
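    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Ibm | Rational Appscan | 5.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 5.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 5.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 5.5.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 5.5.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 5.5.0.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 5.6.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 5.6.0.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 7.7.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 7.7.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 7.7.0.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 7.8.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 7.8.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 7.8.0.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 7.9.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 7.9.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 7.9.0.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 7.9.0.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 8.0.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 8.0.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 8.0.0.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 8.0.0.3 | * | * | * | * | * | * | * | | | |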

Vulnerable Software List

Vendor | Product | Versions
Ibm | Rational Appscan | 5.2, 5.4, 5.5, 5.5.0, 5.5.0.1, 5.5.0.2, 5.6.0, 5.6.0.3, 7.7.0, 7.7.0.1, 7.7.0.2, 7.8.0, 7.8.0.1, 7.8.0.2, 7.9.0, 7.9.0.1, 7.9.0.2, 7.9.0.3, 8.0.0, 8.0.0.1, 8.0.0.2, 8.0.0.3, 8.0.1

References

Name | Source | URL | Tags
46326 | SECUNIA | http://secunia.com/advisories/46326 |
46329 | SECUNIA | http://secunia.com/advisories/46329 |
http://www-01.ibm.com/support/docview.wss?uid=swg21515110 | CONFIRM | http://www-01.ibm.com/support/docview.wss?uid=swg21515110 |
rational-appscan-zip-code-execution(70043) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/70043 |