IBM Security AppScan Source本地权限提升漏洞(CVE-2014-3072)

发布日期:2014-07-30
更新日期:2014-08-05

受影响系统:
IBM Security AppScan Source 9.0
 IBM Security AppScan Source 8.8
 IBM Security AppScan Source 8.7
 IBM Security AppScan Source 8.6
 IBM Security AppScan Source 8.5
 IBM Security AppScan Source 8
描述:
--------------------------------------------------------------------------------
BUGTRAQ  ID: 69029
 CVE(CAN) ID: CVE-2014-3072
 
IBM Security AppScan Source可以检测并修复Web和移动应用内的漏洞。
 
IBM AppScan Source Automation Server在实现上存在本地权限提升漏洞,具有本地网络访问权的攻击者无需身份验证,即可利用此漏洞影响系统资源的机密性、数据完整性、敏感信息机密性。
 
<*来源:IBM ([email protected]
 
  链接:http://www-01.ibm.com/support/docview.wss?uid=swg21680537
 *>

建议:
--------------------------------------------------------------------------------
厂商补丁:
 
IBM
 ---
 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
 
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Rational/AppScan+Source+Edition&release=9.0&platform=All&function=all
 http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Rational/AppScan+Source+Edition&release=8.8&platform=All&function=all
 http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Rational/AppScan+Source+Edition&release=8.7.0.0&platform=All&function=all
 http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Rational/AppScan+Source+Edition&release=8.6.0.2&platform=All&function=all
 http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Rational/AppScan+Source+Edition&release=8.5.0.1&platform=All&function=all
 http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Rational/AppScan+Source+Edition&release=8.0.0.2&platform=All&function=all

相关推荐