CVE-2014-6122

Name of the Vulnerable Software and Affected Versions IBM Security AppScan Enterprise versions 8.5 through 8.5 before IFix 002 IBM Security AppScan Enterprise versions 8.6 through 8.6 before IFix 004 IBM Security AppScan Enterprise versions 8.7 through 8.7 before IFix 004 IBM Security AppScan Enterprise versions 8.8 through 8.8 before iFix 003 IBM Security AppScan Enterprise versions 9.0 through 9.0.0.1 before iFix 003 IBM Security AppScan Enterprise versions 9.0.1 through 9.0.1 before iFix 001

Description The issue allows remote authenticated users to write to arbitrary folders and consequently execute arbitrary commands via a modified argument.

Recommendations For IBM Security AppScan Enterprise version 8.5, apply IFix 002 to resolve the issue. For IBM Security AppScan Enterprise version 8.6, apply IFix 004 to resolve the issue. For IBM Security AppScan Enterprise version 8.7, apply IFix 004 to resolve the issue. For IBM Security AppScan Enterprise version 8.8, apply iFix 003 to resolve the issue. For IBM Security AppScan Enterprise version 9.0.0.1, apply iFix 003 to resolve the issue. For IBM Security AppScan Enterprise version 9.0.1, apply iFix 001 to resolve the issue.