CVE-2012-0733 - Vulnerability Details - OpenCVE

IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a session associated with the service account.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Rational Appscan

Configuration 1 [-]

OR	cpe:2.3:a:ibm:rational_appscan:5.2::enterprise:::::
	cpe:2.3:a:ibm:rational_appscan:5.4::enterprise:::::
	cpe:2.3:a:ibm:rational_appscan:5.5.0::enterprise:::::
	cpe:2.3:a:ibm:rational_appscan:5.5.0.1::enterprise:::::
	cpe:2.3:a:ibm:rational_appscan:5.5.0.2::enterprise:::::
	cpe:2.3:a:ibm:rational_appscan:5.6.0::enterprise:::::
	cpe:2.3:a:ibm:rational_appscan:5.6.0.3::enterprise:::::
	cpe:2.3:a:ibm:rational_appscan:8.0.0::enterprise:::::
	cpe:2.3:a:ibm:rational_appscan:8.0.0.1::enterprise:::::
	cpe:2.3:a:ibm:rational_appscan:8.0.0.2::enterprise:::::
	cpe:2.3:a:ibm:rational_appscan:8.0.0.3::enterprise:::::
	cpe:2.3:a:ibm:rational_appscan:8.0.1::enterprise:::::
	cpe:2.3:a:ibm:rational_appscan:8.0.1.1::enterprise:::::
	cpe:2.3:a:ibm:rational_appscan:8.5.0::enterprise:::::
	cpe:2.3:a:ibm:rational_appscan:8.5.0.0::enterprise:::::

No data.

References

Link	Providers
http://secunia.com/advisories/48967
http://secunia.com/advisories/48968
http://www.ibm.com/support/docview.wss?uid=swg21592188
http://www.securityfocus.com/bid/53247
https://exchange.xforce.ibmcloud.com/vulnerabilities/74374

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2012-05-03T01:00:00

Updated: 2024-08-06T18:38:13.957Z

Reserved: 2012-01-17T00:00:00

Link: CVE-2012-0733

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-05-03T04:08:24.907

Modified: 2024-11-21T01:35:37.710

Link: CVE-2012-0733

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-04-26T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a session associated with the service account."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "ae-serviceacct-session-hijacking(74374)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74374"}, {"name": "48967", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48967"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"}, {"name": "48968", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48968"}, {"name": "53247", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/53247"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-0733", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a session associated with the service account."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ae-serviceacct-session-hijacking(74374)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74374"}, {"name": "48967", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48967"}, {"name": "http://www.ibm.com/support/docview.wss?uid=swg21592188", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"}, {"name": "48968", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48968"}, {"name": "53247", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53247"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:38:13.957Z"}, "title": "CVE Program Container", "references": [{"name": "ae-serviceacct-session-hijacking(74374)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74374"}, {"name": "48967", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/48967"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"}, {"name": "48968", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/48968"}, {"name": "53247", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/53247"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-0733", "datePublished": "2012-05-03T01:00:00", "dateReserved": "2012-01-17T00:00:00", "dateUpdated": "2024-08-06T18:38:13.957Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:rational_appscan:5.2:*:enterprise:*:*:*:*:*", "matchCriteriaId": "3F6C993A-E8D2-4A1A-B213-A646A22AB828", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_appscan:5.4:*:enterprise:*:*:*:*:*", "matchCriteriaId": "FF4D0A6B-00D5-4EE4-9892-DE6D3A850933", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0:*:enterprise:*:*:*:*:*", "matchCriteriaId": "63FCC737-6E6A-4121-B3F4-AF3EF858828E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0.1:*:enterprise:*:*:*:*:*", "matchCriteriaId": "3F08A6FD-4CE9-451D-AABA-7F6B0B9E8473", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_appscan:5.5.0.2:*:enterprise:*:*:*:*:*", "matchCriteriaId": "ED2603F1-AA5C-4CCA-A4E7-B53661864CFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_appscan:5.6.0:*:enterprise:*:*:*:*:*", "matchCriteriaId": "0DF3FEA0-54A6-4656-97FD-4B2277D746C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_appscan:5.6.0.3:*:enterprise:*:*:*:*:*", "matchCriteriaId": "7FAE6600-20B1-4D3A-9175-59627023FD20", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0:*:enterprise:*:*:*:*:*", "matchCriteriaId": "A18637C2-F969-4921-A5DA-6061128BE4F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.1:*:enterprise:*:*:*:*:*", "matchCriteriaId": "0B2A5D4E-7F19-4DB2-A3C5-D36D69B1FDA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.2:*:enterprise:*:*:*:*:*", "matchCriteriaId": "9B98CA70-BB15-4AE9-8FC9-2A677BCB4078", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.0.3:*:enterprise:*:*:*:*:*", "matchCriteriaId": "024BA3CD-E8C6-4E12-81AD-7654C4547EA1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.1:*:enterprise:*:*:*:*:*", "matchCriteriaId": "479C7BEF-A159-4EDB-A27E-3641B66C88CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_appscan:8.0.1.1:*:enterprise:*:*:*:*:*", "matchCriteriaId": "56802963-FBC8-4DC4-BEB6-463F99DC13A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_appscan:8.5.0:*:enterprise:*:*:*:*:*", "matchCriteriaId": "3D11DF7E-F8F9-412A-A70B-04200D393FDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_appscan:8.5.0.0:*:enterprise:*:*:*:*:*", "matchCriteriaId": "AE03CD35-7B5E-4B59-8A16-137A18486D0B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a session associated with the service account."}, {"lang": "es", "value": "IBM Rational AppScan Enterprise v5.x y v8.x antes de v8.5.0.1, cuando se utiliza la autenticaci\u00f3n integrada de Windows, permite a usuarios autenticados remotamente obtener privilegios de administrador mediante el secuestro de una sesi\u00f3n asociada a la cuenta de servicio."}], "id": "CVE-2012-0733", "lastModified": "2024-11-21T01:35:37.710", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-05-03T04:08:24.907", "references": [{"source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/48967"}, {"source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/48968"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"}, {"source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/53247"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74374"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48967"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48968"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53247"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74374"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}