CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29888
https://notcve.org/view.php?id=CVE-2021-29888
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 207123. IBM InfoSphere Information Server versión 11.7 es vulnerable a un ataque de tipo cross-site request forgery, que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía. IBM X-Force ID: 207123 • https://exchange.xforce.ibmcloud.com/vulnerabilities/207123 https://www.ibm.com/support/pages/node/6509618 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29875
https://notcve.org/view.php?id=CVE-2021-29875
IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information due to a insecure third party domain access vulnerability. IBM X-Force ID: 206572. IBM InfoSphere Information Server versión 11.7, podría permitir a un atacante conseguir información confidencial debido a una vulnerabilidad de acceso a dominios de terceros no seguros. IBM X-Force ID: 206572 • https://exchange.xforce.ibmcloud.com/vulnerabilities/206572 https://www.ibm.com/support/pages/node/6509616 •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29771
https://notcve.org/view.php?id=CVE-2021-29771
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM InfoSphere Information Server versión 11.7, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista y conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable • https://exchange.xforce.ibmcloud.com/vulnerabilities/202773 https://www.ibm.com/support/pages/node/6509614 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29738
https://notcve.org/view.php?id=CVE-2021-29738
IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 11.7 ) is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 201302. IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server versión 11.7 ) es vulnerable a un ataque de tipo server-side request forgery (SSRF). Esto puede permitir a un atacante autenticado enviar peticiones no autorizadas desde el sistema, conllevando potencialmente a una enumeración de la red o facilitar otros ataques. • https://exchange.xforce.ibmcloud.com/vulnerabilities/201302 https://www.ibm.com/support/pages/node/6509084 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29737
https://notcve.org/view.php?id=CVE-2021-29737
IBM InfoSphere Data Flow Designer Engine (IBM InfoSphere Information Server 11.7 ) component has improper validation of the REST API server certificate. IBM X-Force ID: 201301. El componente IBM InfoSphere Data Flow Designer Engine (IBM InfoSphere Information Server versión 11.7 ) comprueba de forma inapropiada el certificado del servidor REST API. IBM X-Force ID: 201301 • https://exchange.xforce.ibmcloud.com/vulnerabilities/201301 https://www.ibm.com/support/pages/node/6509086 • CWE-295: Improper Certificate Validation •