Description
IBM AppScan Enterprise Edition could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of objects in memory. By persuading a victim to open specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system in the same context as the victim.
References (1)
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg21995118
Scores
CVSS v3: 7.3
EPSS: 0.0077
EPSS Percentile: 73.7%
Attack Vector: LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Details
CWE: CWE-119
Status: published
Products (28)
ibm/security_appscan 9.0.0.0
ibm/security_appscan 9.0.0.1
ibm/security_appscan 9.0.1.0
ibm/security_appscan 9.0.1.1
ibm/security_appscan 9.0.2.0
ibm/security_appscan 9.0.2.1
ibm/security_appscan 9.0.3.0
ibm/security_appscan 9.0.3.1
IBM Corporation/AppScan Enterprise 5.2
IBM Corporation/AppScan Enterprise 5.4
... and 18 more
Published: Feb 01, 2017
Tracked Since: Feb 18, 2026