
CVSS: 2.9 EPSS: 0% CPEs: 4 EXPL: 0

IBM InfoSphere BigInsights 2.0 through 2.1.2 does not set the secure flag for the LTPA cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

• http://www-01.ibm.com/support/docview.wss?uid=swg21680830
• https://exchange.xforce.ibmcloud.com/vulnerabilities/91720
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.5 EPSS: 9% CPEs: 1 EXPL: 0

IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified API calls. Certain APIs within BigInsights can take invalid input that might allow attackers unauthorized access to read, write, modify, or delete data.

• http://secunia.com/advisories/59676
• http://www-01.ibm.com/support/docview.wss?uid=swg21677445
• http://www.securityfocus.com/bid/68449
• https://exchange.xforce.ibmcloud.com/vulnerabilities/84982
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 3.5 EPSS: 0% CPEs: 10 EXPL: 0

CRLF injection vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

• http://www-01.ibm.com/support/docview.wss?uid=swg21667812
• https://exchange.xforce.ibmcloud.com/vulnerabilities/84987
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 4.9 EPSS: 0% CPEs: 10 EXPL: 0

Open redirect vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

• http://www-01.ibm.com/support/docview.wss?uid=swg21667812
• http://www.securityfocus.com/bid/66360
• https://exchange.xforce.ibmcloud.com/vulnerabilities/84986
• CWE-20: Improper Input Validation