Security Bulletin: Vulnerability in Rational AppScan Standard, Express, Enterprise and Reporting Console with potential for command execution (CVE-2011-1366, CVE-2011-1367)

Abstract

A high-risk security vulnerability in the "Import functionality" of IBM Rational AppScan Enterprise and IBM Rational AppScan Reporting Console and in the "File Load functionality" of IBM Rational AppScan Standard and IBM Rational AppScan Express may result in remote command execution.

Content

VULNERABILITY DETAILS
CVE ID: CVE-2011-1366

DESCRIPTION:
When importing the contents of a ZIP file in IBM Rational AppScan Enterprise or IBM Rational AppScan Reporting Console, remote command execution is possible on an agent server computer when the import job is run.

CVSS:
CVSS Base Score: 8.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/70043 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:C/A:C)


AFFECTED PLATFORMS:

· Versions 5.2 through 8.0.1 of IBM Rational AppScan Enterprise and IBM Rational AppScan Reporting Console running on Microsoft Windows are affected.

REMEDIATION: The recommended solution is to apply the fix for each named product as soon as practical. Please see below for information on the fixes available.

Fix:
For IBM Rational AppScan Enterprise and IBM Rational AppScan Reporting Console:

For version 8.0.1:
- Apply the 8.0.1.1 Fix Pack

For version 5.4 to version 8.0:
- If you are unable to upgrade to version 8.0.1, contact IBM Technical Support.

Workaround:
None known; apply fixes.

Mitigation:
For IBM Rational AppScan Enterprise and IBM Rational AppScan Reporting Console:

· Examine the contents of a ZIP file before using it for an import job to ensure it does not contain any unexpected files.
· Restrict the disk write permissions of the Agent service account user to the install folder of IBM Rational AppScan Enterprise and IBM Rational AppScan Reporting Console and its subfolders only.
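The first mitigation item asks the operator to examine a ZIP file before handing it to an import job. The script below is an added example (not IBM's code and not part of this bulletin) of what such a pre-import check can look like: it lists every archive entry without extracting anything and flags two classes of unexpected content, entries whose path would land outside the import directory (absolute paths, drive letters, or ".." components) and entries whose file type is not on an allowlist. The allowlist of expected suffixes and the sample archive are constructed for the example; the bulletin does not describe what a legitimate import archive contains, so the allowlist is an assumption to be tailored to your own import jobs. Whether the same check applies to the .scan files covered by CVE-2011-1367 depends on that format, which the bulletin does not describe.

```python
import io
import posixpath
import zipfile

# File extensions a reviewer expects inside an import archive.
# ASSUMPTION for this example only: adjust to what your import jobs really carry.
EXPECTED_SUFFIXES = {".xml", ".txt", ".csv"}


def is_unsafe_path(name: str) -> bool:
    """True if an entry name would escape the directory it is extracted into."""
    # Absolute POSIX/Windows path or a Windows drive letter such as "C:..."
    if name.startswith(("/", "\\")) or (len(name) > 1 and name[1] == ":"):
        return True
    # A ".." component anywhere in the path is a traversal attempt
    parts = name.replace("\\", "/").split("/")
    return ".." in parts


def inspect_zip(data: bytes):
    """Return a list of (entry_name, reason) findings for a ZIP supplied as bytes.

    Nothing is extracted; only the central directory is read.
    An empty list means every entry passed both checks.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if is_unsafe_path(name):
                findings.append((name, "path escapes extraction directory"))
                continue
            if info.is_dir():
                continue
            ext = posixpath.splitext(name)[1].lower()
            if ext not in EXPECTED_SUFFIXES:
                findings.append((name, f"unexpected file type {ext or '(none)'}"))
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample archive: two expected entries, one executable, one traversal."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report/results.xml", "<results/>")
        zf.writestr("report/notes.txt", "reviewed")
        zf.writestr("report/helper.exe", b"MZ-constructed-sample")
        zf.writestr("../../startup.bat", "echo constructed sample")
    return buf.getvalue()


if __name__ == "__main__":
    # Usage: replace build_sample_zip() with open(path, "rb").read() for a real archive.
    problems = inspect_zip(build_sample_zip())
    for name, reason in problems:
        print(f"REJECT {name}: {reason}")
    print("archive accepted" if not problems else "archive rejected")
```

The path check matters independently of the allowlist: an entry that resolves outside the import directory is exactly the case the bulletin's second mitigation item (limiting the Agent service account's write permissions) is meant to contain, so rejecting such archives before the job runs and limiting what the job can write are complementary controls.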



CVE ID: CVE-2011-1367

DESCRIPTION:
When loading a .scan file into IBM Rational AppScan Standard or IBM Rational AppScan Express, remote command execution is possible on the computer running these AppScan products.


CVSS:
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/70044 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)


AFFECTED PLATFORMS:

· Versions 7.8 through 8.0 of IBM Rational AppScan Standard and IBM Rational AppScan Express running on Microsoft Windows are affected.

REMEDIATION: The recommended solution is to apply the fix for each named product as soon as practical. Please see below for information on the fixes available.

Fix:
For IBM Rational AppScan Standard and IBM Rational AppScan Express:

For version 8.0:
- Apply the 8.0.0.3 Fix Pack

For version 7.8 to version 7.9:
- If you are unable to upgrade to version 8.0, contact IBM Technical Support.

Workaround:
None known; apply fixes.

Mitigation:
For IBM Rational AppScan Standard and IBM Rational AppScan Express:

· Examine the contents of a .scan file before loading it into IBM Rational AppScan Standard and IBM Rational AppScan Express to ensure it does not contain any unexpected files.

REFERENCES:

· Complete CVSS Guide
· On-line Calculator V2
· X-Force Vulnerability Database - Rational AppScan zip file code execution
· CVE-2011-1366
· X-Force Vulnerability Database - Rational AppScan scan file code execution
· CVE-2011-1367

*The CVSS Environmental Score is specific to the customer's environment and will ultimately affect the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.


Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.


Cross reference information

Segment             | Product                                      | Component | Platform | Version           | Edition
Security            | Security AppScan Enterprise                  | News      | Windows  | 5.6, 8.0, 8.0.0.2 | Enterprise
Application Servers | Rational Policy Tester Accessibility Edition | News      | Windows  | 5.6, 8.0, 8.0.0.2 | Accessibility, Privacy, Quality


Document information

More support for: IBM Security AppScan Standard
Software version: 7.9, 8.0
Operating system(s): Windows
Reference #: 1515110
Modified date: 2013-06-20
