CVE-2012-0741

IBM Security AppScan Enterprise < 8.6.0.2 & Rational Policy Tester < 8.5.0.3 - MITM via Unvalidated X.509 Certificates

Title source: llm
STIX 2.1

Description

IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during use of the Manual Explore Proxy feature, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate.

References (3)

Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21620759
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21620760
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/74142

Scores

EPSS 0.0059
EPSS Percentile 44.2%

Details

CWE
CWE-20
Status published
Products (25)
ibm/rational_policy_tester 5.5.0.0
ibm/rational_policy_tester 5.5.0.1
ibm/rational_policy_tester 5.5.0.2
ibm/rational_policy_tester 5.6.0.0
ibm/rational_policy_tester 5.6.0.1
ibm/rational_policy_tester 5.6.0.2
ibm/rational_policy_tester 5.6.0.3
ibm/rational_policy_tester 8.0.0.0
ibm/rational_policy_tester 8.0.0.1
ibm/rational_policy_tester 8.0.0.2
... and 15 more
Published Dec 28, 2012
Tracked Since Feb 18, 2026