CVSS: 5.4EPSS: 0%CPEs: 8EXPL: 0CVE-2019-4237
https://notcve.org/view.php?id=CVE-2019-4237
A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. IBM X-Force ID: 159419. Una vulnerabilidad Cross-Frame Scripting en IBM InfoSphere Information Server versiones 11.3, 11.5, y 11.7 puede permitir que un atacante cargue la aplicación vulnerable en una etiqueta iframe HTML en una página maliciosa. ID de IBM X-Force: 159419. • https://exchange.xforce.ibmcloud.com/vulnerabilities/159419 https://www.ibm.com/support/docview.wss?uid=ibm10879825 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 25EXPL: 0CVE-2018-1845
https://notcve.org/view.php?id=CVE-2018-1845
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150905. Las versiones 1.3, 11.5 y 11.7 de IBM InfoSphere Information Server son vulnerables a ataques de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información sensible o consumir recursos de la memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/150905 https://www.ibm.com/support/docview.wss?uid=ibm10738917 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2018-1899
https://notcve.org/view.php?id=CVE-2018-1899
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an attacker to change one of the settings related to InfoSphere Business Glossary Anywhere due to improper access control. IBM X-Force ID: 152528. IBM InfoSphere Information Server, en sus versiones 11.3, 11.5 y 11.7, podría permitir a un atacante modificar uno de los ajustes relacionados con InfoSphere Business Glossary Anywhere debido a un control de acceso incorrecto. IBM X-Force ID: 152528. • http://www.ibm.com/support/docview.wss?uid=ibm10744029 https://exchange.xforce.ibmcloud.com/vulnerabilities/152528 •
CVSS: 7.4EPSS: 0%CPEs: 5EXPL: 0CVE-2018-1875
https://notcve.org/view.php?id=CVE-2018-1875
IBM InfoSphere Information Governance Catalog 11.3, 11.5, and 11.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 151639. IBM InfoSphere Information Governance Catalog, en sus versiones 11.3, 11.5 y 11.7, podría permitir a un atacante remoto realizar ataques de phishing utilizando un ataque de redirección abierta. • http://www.ibm.com/support/docview.wss?uid=ibm10738911 https://exchange.xforce.ibmcloud.com/vulnerabilities/151639 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2018-1895
https://notcve.org/view.php?id=CVE-2018-1895
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152159. IBM InfoSphere Information Server 11.3, 11.5 y 11.7 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=ibm10744013 https://exchange.xforce.ibmcloud.com/vulnerabilities/152159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •