Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allow remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
https://exchange.xforce.ibmcloud.com/vulnerabilities/74370
http://www.securityfocus.com/bid/53247
http://www.ibm.com/support/docview.wss?uid=swg21592188