Multiple security vulnerabilities in IBM Rational Products

Release date:
Updated on: 2012-04-26

Affected Systems:
IBM Rational AppScan Enterprise 8.0.1.1
IBM Rational AppScan Enterprise 8.0.1
IBM Rational AppScan Enterprise 8.0.0.1
IBM Rational AppScan Enterprise 8.0.0
IBM Rational AppScan Enterprise 5.5.0.2
IBM Rational AppScan Enterprise 5.5 Fix Pack 1
IBM Rational AppScan Enterprise 5.5
IBM Rational AppScan Enterprise 5.2
The IBM Rational Policy Tester 8.5
IBM Rational AppScan Reporting Console 8.0.1.1
IBM Rational AppScan Reporting Console 5.2
IBM Rational AppScan Reporting Console 5.0.2
IBM Rational AppScan Reporting Console 0.1
Unaffected system:
IBM Rational Policy Tester 8.5.0.1
IBM Rational AppScan Reporting Console 8.5.0.1
Description:
--------------------------------------------------------------------------------
Bugtraq id: 53247
Cve id: CVE-2012-0729, CVE-2012-0730, CVE-2012-0731, CVE-2012-0732, CVE-2012-0733, CVE-2012-0734, CVE-2012-0735, CVE-2012-0736

IBM Rational is a software development management platform.

Multiple IBM Rational products have multiple implementation vulnerabilities, attackers can exploit this vulnerability to leak sensitive information, execute session locating, insert scripts, overwrite arbitrary files, execute cross-site Request Forgery and spoofing attacks, and control affected systems.

1) Some configuration errors can be used to download arbitrary files of local resources;

2) If Windows authentication is enabled, the service account session can be hijacked;

3) errors during job import can be exploited to leak sensitive information;

4) The file url scan error can be exploited to leak sensitive information;

5) Any code can be executed when an error occurs during scan job creation;

6) If the application does not correctly verify the type of the uploaded file, any ASP. NET code can be executed;

7) the Web interface of the application allows users to perform certain operations through unauthenticated HTTP requests.

8) If the input is incorrectly filtered, arbitrary HTML and script code is inserted.

9) The Enterprise Console does not verify the SSL Certificate, resulting in spoofing and man-in-the-middle attacks.

10) the application is bound with a vulnerable version of the ChilkatZip2 ActiveX control.

<* Source: vendor

Link: http://secunia.com/advisories/48967/
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

IBM
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://www.ers.ibm.com/