Remote Command Execution in IBM Rational AppScan Products
CVE-2011-1366

Currently unrated

Key Information:

Vendor: IBM
Status: Rational Appscan
Vendor: CVE Published:; 30 October 2011

Summary

An unspecified vulnerability exists in the Import feature of IBM Rational AppScan Enterprise and AppScan Reporting Console. This flaw enables remote attackers to execute arbitrary commands on an agent server by uploading a specially crafted ZIP archive. The vulnerability affects multiple versions of the product, specifically those before 8.0.1.1. Proper safeguards and updates are essential to mitigate potential risks associated with this vulnerability.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/70043

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21515110

x_refsource_CONFIRM

http://secunia.com/advisories/46329

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Oct 30, 2011
Vulnerability Reserved
Mar 10, 2011