
Security Bulletin: Vulnerabilities in AppScan Enterprise, PolicyTester and Reporting Console

Abstract

Following an advanced ethical hacking activity conducted by IBM security experts, as part of the product testing mandated by the IBM Secure Engineering Framework, a series of security flaws was uncovered in IBM Rational AppScan Enterprise Edition, IBM Rational AppScan Tester Edition, IBM Rational AppScan Reporting Console and IBM Rational Policy Tester, versions 5.2 through 8.5.

These vulnerabilities are addressed in a recently released product fix pack: 8.5.0.1 Fix Pack.

Content

VULNERABILITY DETAILS

CVE ID(s): CVE-2012-0731, CVE-2012-0733, CVE-2012-0734, CVE-2012-0735, CVE-2012-0736

DESCRIPTION: IBM Rational AppScan Enterprise may be vulnerable to several attacks caused by the impersonation of a service account with administrative privileges.

CVE-2012-0731
CVSS Base Score: 6.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/74371 for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:L/Au:S/C:C/I:N/A:N)

CVE-2012-0733
CVSS Base Score: 6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/74374 for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:M/Au:S/C:P/I:P/A:P)

CVE-2012-0734
CVSS Base Score: 7.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/74557 for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVE-2012-0735
CVSS Base Score: 7.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/74558 for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVE-2012-0736
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/74559 for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:M/Au:N/C:C/I:C/A:C)


CVE ID: CVE-2012-0729

DESCRIPTION: IBM Rational AppScan Enterprise could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions on an administrative page.

CVSS Base Score: 6.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/74366 for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:M/Au:S/C:P/I:P/A:P)


CVE ID: CVE-2012-0737

DESCRIPTION: IBM Rational AppScan Enterprise is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

CVSS Base Score: 3.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/74560 for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:M/Au:S/C:N/I:P/A:N)


CVE ID: CVE-2007-3633

DESCRIPTION: Rational AppScan Enterprise is vulnerable to a Chilkat Zip issue that could allow an attacker to overwrite system files using specially crafted zip files.

CVSS Base Score: 9.4
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/35294 for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:L/Au:N/C:N/I:C/A:C)


NOTE: The following entries only apply to the 8.5.0.0 version of AppScan Enterprise, AppScan Tester, and Policy Tester:

CVE ID: CVE-2012-0730

DESCRIPTION: IBM Rational AppScan Enterprise is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input by multiple scripts. By persuading an authenticated user to visit a malicious website, a remote attacker could gain administrative privileges on the AppScan Enterprise server.

CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/74370 for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2012-0732

DESCRIPTION: IBM Rational AppScan Enterprise could allow a remote attacker to conduct spoofing attacks, caused by a failure to perform SSL certificate validation by the AppScan Enterprise Console client. A remote attacker could exploit this vulnerability using man-in-the-middle techniques to launch further attacks against the victim.

CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/74389 for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:M/Au:N/C:C/I:C/A:C)



AFFECTED PLATFORMS: Versions 5.2 through 8.5 of AppScan Enterprise, AppScan Tester, Policy Tester and Reporting Console running on Microsoft Windows are affected.

REMEDIATION: The recommended solution is to apply the fix for each named product as soon as practical. Please see below for information about the fixes available.

Fix: For IBM Rational AppScan Enterprise, IBM Rational AppScan Tester Edition, IBM Rational Policy Tester and IBM Rational AppScan Reporting Console, from version 5.4 to version 8.5:
  • Apply the 8.5.0.1 Fix Pack
  • If you are unable to upgrade to version 8.5.0.1, contact IBM Technical Support.

Workaround:
Not applicable; apply fixes.

REFERENCES:
· Complete CVSS Guide
· On-line Calculator V2

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this alert.


Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Cross reference information

Segment             | Product                                       | Component           | Platform | Version                  | Edition
--------------------|-----------------------------------------------|---------------------|----------|--------------------------|-------------------------------
Application Servers | Rational Policy Tester Accessibility Edition  | General Information | Windows  | 5.4, 5.5, 5.6, 8.0, 8.5  | Accessibility, Privacy, Quality
Security            | Rational AppScan Reporting Console            | General Information | Windows  | 5.4, 5.6, 5.5, 8.0       | Reporting Console
Security            | Rational AppScan Tester Edition               | General Information | Windows  | 5.6, 8.0                 | Tester


Document information

Security AppScan Enterprise
General Support Issues

Software version: 5.4, 5.5, 5.6, 8.0, 8.5
Operating system(s): Windows
Reference #: 1592188
Modified date: 2012-08-24
