Vulnerability Name: CVE-2013-0511 (CCN-82344) Assigned: 2012-12-16 Published: 2013-03-25 Updated: 2017-08-29 Summary: Multiple SQL injection vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified parameters. CVSS v3 Severity: 5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): Low
CVSS v2 Severity: 6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P 5.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P 5.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
Vulnerability Type: CWE-89 Vulnerability Consequences: Data Manipulation References: Source: MITRECVE-2013-0511 IBM Rational Policy Tester Multiple Vulnerabilities http://www-01.ibm.com/support/docview.wss?uid=swg21626264 Multiple vulnerabilities in IBM Rational Policy Tester (CVE-2013-0532, CVE-2013-0512, CVE-2012-4431, CVE-2013-0513, CVE-2008-4033, CVE-2013-0474, CVE-2013-0473, CVE-2012-5081) Multiple vulnerabilities in IBM Security AppScan Enterprise (CVE-2013-0532, CVE-2013-0510, CVE-2013-0512, CVE-2012-4431, CVE-2013-0513, CVE-2008-4033, CVE-2013-0474, CVE-2013-0511, CVE-2013-0473, CVE-2012-5081) IBM Rational AppScan CVE-2013-0511 Unspecified SQL Injection Vulnerabilitiy appscan-cve20130511-sql-injection(82344) appscan-cve20130511-sql-injection(82344) Vulnerable Configuration: Configuration 1 :cpe:/a:ibm:security_appscan:5.6.0.0:-:enterprise:*:*:*:*:* OR cpe:/a:ibm:security_appscan:8.0.0.0:-:enterprise:*:*:*:*:* OR cpe:/a:ibm:security_appscan:8.0.0.1:-:enterprise:*:*:*:*:* OR cpe:/a:ibm:security_appscan:8.0.0.2:-:enterprise:*:*:*:*:* OR cpe:/a:ibm:security_appscan:8.0.1.0:-:enterprise:*:*:*:*:* OR cpe:/a:ibm:security_appscan:8.0.1.1:-:enterprise:*:*:*:*:* OR cpe:/a:ibm:security_appscan:8.0.11:-:enterprise:*:*:*:*:* OR cpe:/a:ibm:security_appscan:8.5.0.0:-:enterprise:*:*:*:*:* OR cpe:/a:ibm:security_appscan:8.5.0.1:-:enterprise:*:*:*:*:* OR cpe:/a:ibm:security_appscan:8.6.0.0:-:enterprise:*:*:*:*:* OR cpe:/a:ibm:security_appscan:8.6.0.1:-:enterprise:*:*:*:*:* OR cpe:/a:ibm:security_appscan:8.6.0.2:-:enterprise:*:*:*:*:* Configuration CCN 1 :cpe:/a:ibm:rational_policy_tester:8.0.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_appscan:5.2:*:enterprise:*:*:*:*:* OR cpe:/a:ibm:rational_appscan:8.0.0:*:enterprise:*:*:*:*:* OR cpe:/a:ibm:rational_appscan:8.5.0:*:enterprise:*:*:*:*:* BACK
ibm security appscan 5.6.0.0 -
ibm security appscan 8.0.0.0 -
ibm security appscan 8.0.0.1 -
ibm security appscan 8.0.0.2 -
ibm security appscan 8.0.1.0 -
ibm security appscan 8.0.1.1 -
ibm security appscan 8.0.11 -
ibm security appscan 8.5.0.0 -
ibm security appscan 8.5.0.1 -
ibm security appscan 8.6.0.0 -
ibm security appscan 8.6.0.1 -
ibm security appscan 8.6.0.2 -
ibm rational policy tester 8.0.0.0
ibm rational appscan 5.2
ibm rational appscan 8.0.0
ibm rational appscan 8.5.0
Denotes that component is vulnerable