cpe:/a:ibm:rational_appscan:5.2::enterprise cpe:/a:ibm:rational_appscan:5.4::enterprise cpe:/a:ibm:rational_appscan:5.5.0::enterprise cpe:/a:ibm:rational_appscan:5.5.0.1::enterprise cpe:/a:ibm:rational_appscan:5.5.0.2::enterprise cpe:/a:ibm:rational_appscan:5.6.0::enterprise cpe:/a:ibm:rational_appscan:5.6.0.3::enterprise cpe:/a:ibm:rational_appscan:8.0.0::enterprise cpe:/a:ibm:rational_appscan:8.0.0.1::enterprise cpe:/a:ibm:rational_appscan:8.0.0.2::enterprise cpe:/a:ibm:rational_appscan:8.0.0.3::enterprise cpe:/a:ibm:rational_appscan:8.0.1::enterprise cpe:/a:ibm:rational_appscan:8.0.1.1::enterprise cpe:/a:ibm:rational_appscan:8.5.0::enterprise cpe:/a:ibm:rational_appscan:8.5.0.0::enterprise CVE-2012-0732 2012-05-03T00:08:24.857-04:00 2017-08-28T21:31:01.663-04:00 5.8 NETWORK MEDIUM NONE PARTIAL PARTIAL NONE http://nvd.nist.gov 2012-05-03T07:15:00.000-04:00 SECUNIA 48967 SECUNIA 48968 BID 53247 XF ae-ecc-spoofing(74389) CONFIRM http://www.ibm.com/support/docview.wss?uid=swg21592188 The Enterprise Console client in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.