|Category:||Information Leak / Disclosure|
Published on 03/05/12 - Updated on 29/08/17
IBM Rational AppScan Enterprise 5.x and 8.x before 126.96.36.199 does not prevent service-account impersonation, which allows remote authenticated users to read arbitrary files via unspecified vectors.
CWE-200 (Information Exposure)
An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.