7 results (0.013 seconds)

CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0

Cross-site scripting (XSS) vulnerability in FileNet P8 Platform Documentation Installable Info Center 4.5.1 through 5.2.0 in IBM FileNet Business Process Manager 4.5.1 through 5.1.0, FileNet Content Manager 4.5.1 through 5.2.0, and Case Foundation 5.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en FileNet P8 Platform Documentation Installable Info Center 4.5.1 hasta la versión 5.2.0 en IBM FileNet Business Process Manager 4.5.1 hasta 5.1.0, FileNet Content Manager 4.5.1 hasta la versión 5.2.0, y Case Foundation 5.2.0 permite a atacantes remotos inyectar script Web arbitrario o HTML a través de vectores no especificados. • http://secunia.com/advisories/56500 http://www.ibm.com/support/docview.wss?uid=swg21662360 http://www.securityfocus.com/bid/65045 https://exchange.xforce.ibmcloud.com/vulnerabilities/89862 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 places a session token in the URI, which might allow remote attackers to obtain sensitive information by reading a Referer log file. IBM Records Manager (RM) v4.5.x antes de v4.5.1.1-IER-FP001 coloca un token de sesión en la URI, lo que podría permitir a atacantes remotos obtener información sensible mediante la lectura de un archivo de log "Referer". • http://www-01.ibm.com/support/docview.wss?uid=swg1PJ37426 http://www.securityfocus.com/bid/43136 • CWE-255: Credentials Management Errors •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 transmits passwords in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network. IBM Records Manager (RM) v4.5.x antes de v4.5.1.1-IER-FP001 transmite las contraseñas en texto claro, lo que permite a atacantes remotos obtener información sensible escuchando el tráfico de la red. • http://secunia.com/advisories/41344 http://www-01.ibm.com/support/docview.wss?uid=swg1PJ37426 http://www.securityfocus.com/bid/43136 • CWE-255: Credentials Management Errors •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en IBM Records Manager (RM) v4.5.x antes v4.5.1.1-IER-FP001 permite a atacantes remotos inyectar HTML o secuencias de comandos web a través de vectores no especificados. • http://secunia.com/advisories/41344 http://www-01.ibm.com/support/docview.wss?uid=swg1PJ37426 http://www.securityfocus.com/bid/43136 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

Open redirect vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de redirección abierta en IBM Records Manager (RM) v4.5.x antes de v4.5.1.1-IER-FP001 permite a atacantes remotos redirigir a los usuarios a sitios web de su elección y llevar a cabo ataques de phishing a través de vectores no especificados. • http://secunia.com/advisories/41344 http://www-01.ibm.com/support/docview.wss?uid=swg1PJ37426 http://www.securityfocus.com/bid/43136 • CWE-20: Improper Input Validation •