CVE-2011-1367

Current Description

Unspecified vulnerability in the File Load feature in IBM Rational AppScan Standard and Express 7.8.x, 7.9.x, and 8.0.x before 8.0.0.3 allows remote attackers to execute arbitrary commands via a crafted .scan file.

Basic Data

Published: October 30, 2011
Last Modified: August 17, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-noinfo
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 9.3
Severity: HIGH
Exploitability Score: 8.6
Impact Score: 10.0
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
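    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Ibm | Rational Appscan | 7.8.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 7.8.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 7.8.0.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 7.9.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 7.9.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 7.9.0.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 7.9.0.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 8.0.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 8.0.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 8.0.0.2 | * | * | * | * | * | * | * | | | |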
  • OR - Configuration 2
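    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Ibm | Rational Appscan | 7.8.0 | * | enterprise | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 7.8.0.1 | * | enterprise | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 7.8.0.2 | * | enterprise | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 7.9.0 | * | enterprise | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 7.9.0.1 | * | enterprise | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 7.9.0.2 | * | enterprise | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 7.9.0.3 | * | enterprise | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 8.0.0 | * | enterprise | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 8.0.0.1 | * | enterprise | * | * | * | * | * | | | |
    2.3 | Application | Ibm | Rational Appscan | 8.0.0.2 | * | enterprise | * | * | * | * | * | | | |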

Vulnerable Software List

Vendor | Product | Versions
Ibm | Rational Appscan | 7.8.0, 7.8.0.1, 7.8.0.2, 7.9.0, 7.9.0.1, 7.9.0.2, 7.9.0.3, 8.0.0, 8.0.0.1, 8.0.0.2

References

Name | Source | URL | Tags
46326 | SECUNIA | http://secunia.com/advisories/46326 |
46329 | SECUNIA | http://secunia.com/advisories/46329 |
49989 | BID | http://www.securityfocus.com/bid/49989 |
http://www-01.ibm.com/support/docview.wss?uid=swg21515110 | CONFIRM | http://www-01.ibm.com/support/docview.wss?uid=swg21515110 |
rational-appscan-scan-code-execution(70044) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/70044 |