PT-2018-4281 · Ibm · Ibm Rational Appscan Source+1
Published
2018-04-12
·
Updated
2018-05-11
·
CVE-2014-6120
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
IBM Rational AppScan Source versions 8.0 through 8.0.0.2
IBM Rational AppScan Source versions 8.5 through 8.5.0.1
IBM Security AppScan Source versions 8.6 through 8.6.0.2
IBM Security AppScan Source versions 8.7 through 8.7.0.1
IBM Security AppScan Source version 8.8
IBM Security AppScan Source versions 9.0 through 9.0.0.1
IBM Security AppScan Source version 9.0.1
Description
The issue allows remote attackers to execute arbitrary commands on the installation server via unspecified vectors.
Recommendations
For IBM Rational AppScan Source versions 8.0 through 8.0.0.2, update to a version outside of this range.
For IBM Rational AppScan Source versions 8.5 through 8.5.0.1, update to a version outside of this range.
For IBM Security AppScan Source versions 8.6 through 8.6.0.2, update to a version outside of this range.
For IBM Security AppScan Source versions 8.7 through 8.7.0.1, update to a version outside of this range.
For IBM Security AppScan Source version 8.8, update to a version outside of this range.
For IBM Security AppScan Source versions 9.0 through 9.0.0.1, update to a version outside of this range.
For IBM Security AppScan Source version 9.0.1, update to a version outside of this range.
Fix
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Rational Appscan Source
Ibm Security Appscan Source