Vulnerability Name: CVE-2013-0510 (CCN-82592)
Assigned: 2012-12-16
Published: 2013-03-25
Updated: 2017-08-29
Summary: IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 includes a security test that sends session cookies to a specific external server, which allows man-in-the-middle attackers to hijack the test account by capturing these cookies.

CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low; Integrity (I): None; Availability (A): None

CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Medium; Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial; Integrity (I): None; Availability (A): None

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Medium; Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial; Integrity (I): None; Availability (A): None

Vulnerability Type: CWE-264
Vulnerability Consequences: Obtain Information

References:
Source: MITRE  Type: CNA  CVE-2013-0510
Source: CCN  Type: SA52764  IBM Security AppScan Enterprise Multiple Vulnerabilities
Source: CONFIRM  Type: Vendor Advisory  http://www-01.ibm.com/support/docview.wss?uid=swg21626264
Source: CCN  Type: IBM Security Bulletin 1631303  Information disclosure vulnerability in IBM Security AppScan Standard (CVE-2013-0510)
Source: CCN  Type: IBM Security Bulletin 1626264  Multiple vulnerabilities in IBM Security AppScan Enterprise (CVE-2013-0532, CVE-2013-0510, CVE-2013-0512, CVE-2012-4431, CVE-2013-0513, CVE-2008-4033, CVE-2013-0474, CVE-2013-0511, CVE-2013-0473, CVE-2012-5081)
Source: CCN  Type: BID-58684  IBM Rational AppScan Enterprise CVE-2013-0510 Information Disclosure Vulnerability
Source: XF  Type: UNKNOWN  appscan-fwd-info-disclosure(82592)

Vulnerable Configuration:
Configuration 1:
cpe:/a:ibm:security_appscan:5.6.0.0:-:enterprise:*:*:*:*:*
OR cpe:/a:ibm:security_appscan:8.0.0.0:-:enterprise:*:*:*:*:*
OR cpe:/a:ibm:security_appscan:8.0.0.1:-:enterprise:*:*:*:*:*
OR cpe:/a:ibm:security_appscan:8.0.0.2:-:enterprise:*:*:*:*:*
OR cpe:/a:ibm:security_appscan:8.0.1.0:-:enterprise:*:*:*:*:*
OR cpe:/a:ibm:security_appscan:8.0.1.1:-:enterprise:*:*:*:*:*
OR cpe:/a:ibm:security_appscan:8.0.11:-:enterprise:*:*:*:*:*
OR cpe:/a:ibm:security_appscan:8.5.0.0:-:enterprise:*:*:*:*:*
OR cpe:/a:ibm:security_appscan:8.5.0.1:-:enterprise:*:*:*:*:*
OR cpe:/a:ibm:security_appscan:8.6.0.0:-:enterprise:*:*:*:*:*
OR cpe:/a:ibm:security_appscan:8.6.0.1:-:enterprise:*:*:*:*:*
OR cpe:/a:ibm:security_appscan:8.6.0.2:-:enterprise:*:*:*:*:*

Configuration CCN 1:
cpe:/a:ibm:rational_appscan:5.2:*:enterprise:*:*:*:*:*
OR cpe:/a:ibm:rational_appscan:8.0.0:*:enterprise:*:*:*:*:*
OR cpe:/a:ibm:rational_appscan:8.5.0:*:enterprise:*:*:*:*:*

ibm security appscan 5.6.0.0 -
ibm security appscan 8.0.0.0 -
ibm security appscan 8.0.0.1 -
ibm security appscan 8.0.0.2 -
ibm security appscan 8.0.1.0 -
ibm security appscan 8.0.1.1 -
ibm security appscan 8.0.11 -
ibm security appscan 8.5.0.0 -
ibm security appscan 8.5.0.1 -
ibm security appscan 8.6.0.0 -
ibm security appscan 8.6.0.1 -
ibm security appscan 8.6.0.2 -
ibm rational appscan 5.2
ibm rational appscan 8.0.0
ibm rational appscan 8.5.0