IBM Security AppScan Enterprise Multiple Vulnerabilities
IBM Rational AppScan 5.x
IBM Rational AppScan 8.x
IBM has acknowledged multiple vulnerabilities in IBM Security AppScan Enterprise.
1) The application allows users to perform certain actions via HTTP requests without properly verifying that the requests were intentionally issued by the user (cross-site request forgery). This can be exploited to, for example, cause a DoS when a logged-in user visits a specially crafted web page.
2) Certain input related to a report is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site if the malicious data is viewed.
3) Certain input is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
4) The application bundles a vulnerable version of Apache Tomcat.
5) The application bundles a vulnerable version of the Microsoft XML Core Services DLL.
6) The application bundles a vulnerable version of Oracle JDK.
The vulnerabilities can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, conduct cross-site request forgery, script insertion, and SQL injection attacks, and cause a DoS (Denial of Service).
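As an added example (not code from IBM, AppScan Enterprise or the advisory), the following Python shows the defensive checks that close the three request-handling flaw classes listed above: a per-session token verified on every state-changing request (1), HTML encoding of report fields before they reach the browser (2), and a parameterised query beside the string-concatenated form it replaces (3). The report table, its rows, and all helper names are constructed for illustration only.

```python
"""Defensive checks for CSRF, script insertion and SQL injection.

Added example; the helpers and the sample report table are hypothetical
and do not reflect AppScan Enterprise's internals.
"""
import hmac
import html
import secrets
import sqlite3
from typing import List, Optional, Tuple

SAFE_METHODS = ("GET", "HEAD", "OPTIONS")


# ---- 1) CSRF: state-changing requests must carry the session's token ----
def new_csrf_token() -> str:
    """Mint an unguessable per-session token to embed in forms."""
    return secrets.token_urlsafe(32)


def csrf_request_allowed(method: str, session_token: str,
                         request_token: Optional[str]) -> bool:
    """Allow safe methods; otherwise require a token that matches the session's.

    hmac.compare_digest avoids leaking the token through timing differences.
    """
    if method.upper() in SAFE_METHODS:
        return True  # safe methods must not change state, so no token is needed
    if not session_token or not request_token:
        return False
    return hmac.compare_digest(session_token, request_token)


# ---- 2) Script insertion: encode report fields for the HTML context ----
def render_report_row(name: str, finding: str) -> str:
    """Escape <, >, &, quotes so report text is displayed, never executed."""
    return "<tr><td>%s</td><td>%s</td></tr>" % (
        html.escape(name, quote=True),
        html.escape(finding, quote=True),
    )


# ---- 3) SQL injection: parameterised query beside the vulnerable pattern ----
# Constructed sample data: (title, owner)
REPORTS: List[Tuple[str, str]] = [
    ("Weekly scan", "alice"),
    ("Nightly scan", "bob"),
    ("Audit", "alice"),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE reports (title TEXT, owner TEXT)")
    conn.executemany("INSERT INTO reports VALUES (?, ?)", REPORTS)
    return conn


def reports_for_owner_unsafe(conn: sqlite3.Connection, owner: str):
    """Vulnerable pattern: user input is spliced into the statement text."""
    stmt = "SELECT title FROM reports WHERE owner = '%s'" % owner
    return conn.execute(stmt).fetchall()


def reports_for_owner_safe(conn: sqlite3.Connection, owner: str):
    """Hardened form: the driver binds the value, so it can never alter the query."""
    return conn.execute(
        "SELECT title FROM reports WHERE owner = ?", (owner,)
    ).fetchall()


if __name__ == "__main__":
    token = new_csrf_token()
    print("POST with matching token:", csrf_request_allowed("POST", token, token))
    print("POST without token:", csrf_request_allowed("POST", token, None))
    print(render_report_row("host-1", "<script>alert(1)</script>"))
    db = make_db()
    probe = "' OR '1'='1"  # constructed input containing a quote
    print("unsafe rows:", len(reports_for_owner_unsafe(db, probe)))
    print("safe rows:", len(reports_for_owner_safe(db, probe)))
```

The parameterised version returns no rows for the quoted probe because the whole string is compared as one owner value; the concatenated version returns every row, which is the behaviour item 3 describes.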