IBM Security AppScan Source本地权限提升漏洞(CVE-2014-3072)
发布日期:2014-07-30
更新日期:2014-08-05
受影响系统:
IBM Security AppScan Source 9.0
IBM Security AppScan Source 8.8
IBM Security AppScan Source 8.7
IBM Security AppScan Source 8.6
IBM Security AppScan Source 8.5
IBM Security AppScan Source 8
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 69029
CVE(CAN) ID: CVE-2014-3072
IBM Security AppScan Source可以检测并修复Web和移动应用内的漏洞。
IBM AppScan Source Automation Server在实现上存在本地权限提升漏洞,具有本地网络访问权的攻击者无需身份验证,即可利用此漏洞影响系统资源的机密性、数据完整性、敏感信息机密性。
<*来源:IBM ([email protected])
链接:http://www-01.ibm.com/support/docview.wss?uid=swg21680537
*>
建议:
--------------------------------------------------------------------------------
厂商补丁:
IBM
---
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Rational/AppScan+Source+Edition&release=9.0&platform=All&function=all
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Rational/AppScan+Source+Edition&release=8.8&platform=All&function=all
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Rational/AppScan+Source+Edition&release=8.7.0.0&platform=All&function=all
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Rational/AppScan+Source+Edition&release=8.6.0.2&platform=All&function=all
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Rational/AppScan+Source+Edition&release=8.5.0.1&platform=All&function=all
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Rational/AppScan+Source+Edition&release=8.0.0.2&platform=All&function=all