Vulnerability Details :

CVE-2012-0734

Summary
Assigner: ibm
Assigner Org ID: 9a959283-ebb5-44b6-b705-dcc2bbced522
Published At: 03 May, 2012 | 01:00
Updated At: 06 Aug, 2024 | 18:38

IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly import jobs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted job.

Common Vulnerabilities and Exposures (CVE)
cve.org
CVE Numbering Authority (CNA)


Affected Products
Vendor: n/a
Product: n/a
Versions affected: n/a
Problem Types
Type: text
CWE ID: N/A
Description: n/a
References
Hyperlink: http://secunia.com/advisories/48967
Resource: third-party-advisory, x_refsource_SECUNIA
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/74557
Resource: vdb-entry, x_refsource_XF
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg21592188
Resource: x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/48968
Resource: third-party-advisory, x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/53247
Resource: vdb-entry, x_refsource_BID
Authorized Data Publishers (ADP)
CVE Program Container
References
Hyperlink: http://secunia.com/advisories/48967
Resource: third-party-advisory, x_refsource_SECUNIA, x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/74557
Resource: vdb-entry, x_refsource_XF, x_transferred
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg21592188
Resource: x_refsource_CONFIRM, x_transferred
Hyperlink: http://secunia.com/advisories/48968
Resource: third-party-advisory, x_refsource_SECUNIA, x_transferred
Hyperlink: http://www.securityfocus.com/bid/53247
Resource: vdb-entry, x_refsource_BID, x_transferred
National Vulnerability Database (NVD)
nvd.nist.gov
Source: psirt@us.ibm.com
Published At: 03 May, 2012 | 04:08
Updated At: 11 Apr, 2025 | 00:51


CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 2.0
Base score: 7.6
Base severity: HIGH
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
CPE Matches

Vendor: IBM Corporation (ibm), product: rational_appscan
  • 5.2: cpe:2.3:a:ibm:rational_appscan:5.2:*:enterprise:*:*:*:*:*
  • 5.4: cpe:2.3:a:ibm:rational_appscan:5.4:*:enterprise:*:*:*:*:*
  • 5.5.0: cpe:2.3:a:ibm:rational_appscan:5.5.0:*:enterprise:*:*:*:*:*
  • 5.5.0.1: cpe:2.3:a:ibm:rational_appscan:5.5.0.1:*:enterprise:*:*:*:*:*
  • 5.5.0.2: cpe:2.3:a:ibm:rational_appscan:5.5.0.2:*:enterprise:*:*:*:*:*
  • 5.6.0: cpe:2.3:a:ibm:rational_appscan:5.6.0:*:enterprise:*:*:*:*:*
  • 5.6.0.3: cpe:2.3:a:ibm:rational_appscan:5.6.0.3:*:enterprise:*:*:*:*:*
  • 8.0.0: cpe:2.3:a:ibm:rational_appscan:8.0.0:*:enterprise:*:*:*:*:*
  • 8.0.0.1: cpe:2.3:a:ibm:rational_appscan:8.0.0.1:*:enterprise:*:*:*:*:*
  • 8.0.0.2: cpe:2.3:a:ibm:rational_appscan:8.0.0.2:*:enterprise:*:*:*:*:*
  • 8.0.0.3: cpe:2.3:a:ibm:rational_appscan:8.0.0.3:*:enterprise:*:*:*:*:*
  • 8.0.1: cpe:2.3:a:ibm:rational_appscan:8.0.1:*:enterprise:*:*:*:*:*
  • 8.0.1.1: cpe:2.3:a:ibm:rational_appscan:8.0.1.1:*:enterprise:*:*:*:*:*
  • 8.5.0: cpe:2.3:a:ibm:rational_appscan:8.5.0:*:enterprise:*:*:*:*:*
  • 8.5.0.0: cpe:2.3:a:ibm:rational_appscan:8.5.0.0:*:enterprise:*:*:*:*:*
Weaknesses
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
References
Hyperlink: http://secunia.com/advisories/48967
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/48968
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg21592188
Source: psirt@us.ibm.com
Resource: Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/53247
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/74557
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/48967
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/48968
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg21592188
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/53247
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/74557
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A


Similar CVEs

9 Records found

CVE-2013-0509
Matching Score: 8
Assigner: IBM Corporation
CVSS Score: 7.6 (HIGH)
EPSS: 8.50% / 92.00%
7 Day CHG: ~0.00%
Published: 05 Jun, 2013 | 01:00
Updated: 11 Apr, 2025 | 00:51
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Buffer overflow in the Transaction MIB agent in IBM Tivoli Netcool System Service Monitors (SSM) and Application Service Monitors (ASM) 4.0.0 before FP14 allows remote attackers to execute arbitrary code via a SQL transaction with a long table name that is not properly handled by a packet decoder.

Action: Not Available
Vendor: n/a; IBM Corporation
Product: tivoli_netcool_system_service_monitors; tivoli_netcool_application_service_monitors; n/a
CWE ID: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
CVE-2013-0508
Matching Score: 8
Assigner: IBM Corporation
CVSS Score: 7.6 (HIGH)
EPSS: 0.45% / 62.69%
7 Day CHG: ~0.00%
Published: 05 Jun, 2013 | 01:00
Updated: 11 Apr, 2025 | 00:51
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Multiple buffer overflows in IBM Tivoli Netcool System Service Monitors (SSM) and Application Service Monitors (ASM) 4.0.0 before FP14 and 4.0.1 before FP1 allow context-dependent attackers to execute arbitrary code or cause a denial of service via a long line in (1) hrfstable.idx, (2) hrdevice.idx, (3) hrstorage.idx, or (4) lotusmapfile in the SSM Config directory, or (5) .manifest.hive in the main agent directory.

Action: Not Available
Vendor: n/a; IBM Corporation
Product: tivoli_netcool_system_service_monitors; tivoli_netcool_application_service_monitors; n/a
CWE ID: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
CVE-2012-0735
Matching Score: 8
Assigner: IBM Corporation
CVSS Score: 7.6 (HIGH)
EPSS: 0.52% / 65.68%
7 Day CHG: ~0.00%
Published: 03 May, 2012 | 01:00
Updated: 11 Apr, 2025 | 00:51
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted URI.

Action: Not Available
Vendor: n/a; IBM Corporation
Product: rational_appscan; n/a
CWE ID: CWE-20 (Improper Input Validation)
CVE-2010-0919
Matching Score: 8
Assigner: MITRE Corporation
CVSS Score: 7.6 (HIGH)
EPSS: 21.28% / 95.47%
7 Day CHG: ~0.00%
Published: 03 Mar, 2010 | 19:00
Updated: 11 Apr, 2025 | 00:51
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ.

Action: Not Available
Vendor: n/a; IBM Corporation
Product: lotus_domino; lotus_inotes; domino_web_access; n/a
CWE ID: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
CVE-2010-2279
Matching Score: 8
Assigner: MITRE Corporation
CVSS Score: 7.6 (HIGH)
EPSS: 0.48% / 64.27%
7 Day CHG: ~0.00%
Published: 14 Jun, 2010 | 19:00
Updated: 11 Apr, 2025 | 00:51
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

The Top Updates implementation in the Homepage component in IBM Lotus Connections 2.5.x before 2.5.0.2, when "forced SSL" is enabled, uses http for links, which has unspecified impact and remote attack vectors.

Action: Not Available
Vendor: n/a; IBM Corporation
Product: lotus_connections; n/a
CVE-2014-2428
Matching Score: 8
Assigner: Oracle
CVSS Score: 7.6 (HIGH)
EPSS: 2.19% / 83.72%
7 Day CHG: ~0.00%
Published: 16 Apr, 2014 | 02:05
Updated: 12 Apr, 2025 | 10:46
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

Action: Not Available
Vendor: n/a; IBM Corporation; Oracle Corporation; Microsoft Corporation
Product: windows; jre; jdk; forms_viewer; n/a
CVE-2014-0448
Matching Score: 8
Assigner: Oracle
CVSS Score: 7.6 (HIGH)
EPSS: 2.02% / 83.01%
7 Day CHG: ~0.00%
Published: 15 Apr, 2014 | 22:00
Updated: 12 Apr, 2025 | 10:46
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

Action: Not Available
Vendor: n/a; IBM Corporation; Oracle Corporation; Microsoft Corporation
Product: windows; jre; jdk; forms_viewer; n/a
CVE-2014-0904
Matching Score: 8
Assigner: IBM Corporation
CVSS Score: 7.6 (HIGH)
EPSS: 12.21% / 93.58%
7 Day CHG: ~0.00%
Published: 26 Mar, 2014 | 10:00
Updated: 12 Apr, 2025 | 10:46
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

The update process in IBM Security AppScan Standard 7.9 through 8.8 does not require integrity checks of downloaded files, which allows remote attackers to execute arbitrary code via a crafted file.

Action: Not Available
Vendor: n/a; IBM Corporation
Product: security_appscan; n/a
CWE ID: CWE-20 (Improper Input Validation)
CVE-2007-4938
Matching Score: 8
Assigner: MITRE Corporation
CVSS Score: 7.6 (HIGH)
EPSS: 9.50% / 92.52%
7 Day CHG: ~0.00%
Published: 18 Sep, 2007 | 19:00
Updated: 07 Aug, 2024 | 15:17
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.

Action: Not Available
Vendor: windriver; santa_cruz_operation; mplayer; n/a; Silicon Graphics, Inc.; Apple Inc.; IBM Corporation; Microsoft Corporation; Mandriva (Mandrakesoft); Linux Kernel Organization, Inc; HP Inc.; Sun Microsystems (Oracle Corporation)
Product: solaris; windows_xp; hp-ux; mandrake_linux; os2; aix; mplayer; windows_2000; windows_me; linux_kernel; bsdos; windows_2003_server; sco_unix; mac_os_x; tru64; windows_98; windows_nt; irix; n/a
CWE ID: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)