Vulnerability Description
IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during use of the Manual Explore Proxy feature, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Security Appscan | 6.0.0.0 |
| Ibm | Rational Policy Tester | <= 8.5.0.2 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg21620759PatchVendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21620760PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74142
- http://www-01.ibm.com/support/docview.wss?uid=swg21620759PatchVendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21620760PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74142
FAQ
What is CVE-2012-0741?
CVE-2012-0741 is a vulnerability with a CVSS score of 5.8 (MEDIUM). IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during use of the Manual Explore Proxy feature, which allows man-in-the-midd...
How severe is CVE-2012-0741?
CVE-2012-0741 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-0741?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Security Appscan, Ibm Rational Policy Tester.