Service Account Impersonation in IBM Rational AppScan Enterprise
CVE-2012-0731

Currently unrated

Key Information:

Vendor: IBM
Status: Rational Appscan
Vendor: CVE Published:; 3 May 2012

Summary

IBM Rational AppScan Enterprise versions 5.x and 8.x prior to 8.5.0.1 are susceptible to a vulnerability that allows remote authenticated users to impersonate service accounts. This weakness enables these users to read arbitrary files through unspecified vectors, potentially exposing sensitive information and increasing the risk of data breaches. Organizations using these affected versions should promptly update to mitigate this security concern.

References

http://secunia.com/advisories/48967

third-party-advisoryx_refsource_SECUNIA

http://www.ibm.com/support/docview.wss?uid=swg21592188

x_refsource_CONFIRM

http://secunia.com/advisories/48968

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
May 3, 2012
Vulnerability Reserved
Jan 17, 2012