IBM AppScan Licensing Component Lets Local Users Gain Elevated Privileges
|
|
SecurityTracker Alert ID: 1025268 |
|
SecurityTracker URL: http://securitytracker.com/id/1025268
|
|
CVE Reference:
CVE-2011-1205
(Links to External Site)
|
Date: Mar 30 2011
|
Impact:
Root access via local system, User access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 8.0.0.1 and prior versions
|
Description:
A vulnerability was reported in IBM AppScan. A local user can obtain elevated privileges on the target system.
A local user can create specially crafted HTML that, when loaded by the target user via the operating system, will execute arbitrary code on the target system with elevated privileges.
The vulnerability resides in several COM objects provided in the licensing component.
The following product versions are affected:
AppScan Build Edition/Express Edition/Standard Edition
AppScan Tester Edition/Reporting Console
|
Impact:
A local user can obtain elevated privileges on the target system.
|
Solution:
The vendor has issued a fix.
The vendor's advisory is available at:
http://www-304.ibm.com/support/docview.wss?uid=swg21470998
|
Vendor URL: www-304.ibm.com/support/docview.wss?uid=swg21470998 (Links to External Site)
|
Cause:
Not specified
|
Underlying OS:
Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 30 Mar 2011 05:45:43 +0000
Subject: IBM Rational AppScan / IBM Rational ClearQuest
|
https://www-304.ibm.com/support/docview.wss?uid=swg21470998
CVE-2011-1205
|
|
