CVE-2012-0738 — MEDIUM (5.8)

Q: How severe is CVE-2012-0738?

CVE-2012-0738 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2012-0738?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Security Appscan, Ibm Rational Policy Tester.

Vulnerability Description

IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during scanning, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate.

CVSS Score

5.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:N

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Ibm	Security Appscan	6.0.0.0
Ibm	Rational Policy Tester	<= 8.5.0.2

Related Weaknesses (CWE)

CWE-20

References

http://www-01.ibm.com/support/docview.wss?uid=swg21620759PatchVendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21620760PatchVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/74578
http://www-01.ibm.com/support/docview.wss?uid=swg21620759PatchVendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21620760PatchVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/74578

FAQ

What is CVE-2012-0738?

CVE-2012-0738 is a vulnerability with a CVSS score of 5.8 (MEDIUM). IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during scanning, which allows man-in-the-middle attackers to spoof SSL serve...

How severe is CVE-2012-0738?

CVE-2012-0738 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-0738?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Security Appscan, Ibm Rational Policy Tester.