CVE-2021-29875
https://notcve.org/view.php?id=CVE-2021-29875
IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information due to an insecure third-party domain access vulnerability. IBM X-Force ID: 206572. • https://exchange.xforce.ibmcloud.com/vulnerabilities/206572 https://www.ibm.com/support/pages/node/6509616
CVE-2021-29771
https://notcve.org/view.php?id=CVE-2021-29771
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. • https://exchange.xforce.ibmcloud.com/vulnerabilities/202773 https://www.ibm.com/support/pages/node/6509614 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29738
https://notcve.org/view.php?id=CVE-2021-29738
IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 11.7) is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 201302. • https://exchange.xforce.ibmcloud.com/vulnerabilities/201302 https://www.ibm.com/support/pages/node/6509084 • CWE-918: Server-Side Request Forgery (SSRF)
CVE-2021-29737
https://notcve.org/view.php?id=CVE-2021-29737
The IBM InfoSphere Data Flow Designer Engine (IBM InfoSphere Information Server 11.7) component has improper validation of the REST API server certificate. IBM X-Force ID: 201301. • https://exchange.xforce.ibmcloud.com/vulnerabilities/201301 https://www.ibm.com/support/pages/node/6509086 • CWE-295: Improper Certificate Validation
CVE-2021-29730
https://notcve.org/view.php?id=CVE-2021-29730
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 201164. • https://exchange.xforce.ibmcloud.com/vulnerabilities/201164 https://www.ibm.com/support/pages/node/6468569 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')