SSL Certificate Verification Flaw in IBM Rational AppScan Enterprise
CVE-2012-0732
Currently unrated
Summary
The Enterprise Console client in IBM Rational AppScan Enterprise versions 5.x and 8.x prior to 8.5.0.1 does not verify X.509 certificates presented by SSL servers. A man-in-the-middle attacker can therefore use a crafted certificate to impersonate a trusted server, potentially exposing sensitive information. Proper SSL certificate validation on the client mitigates this kind of attack.
Timeline
Vulnerability published
Vulnerability Reserved