CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4162
https://notcve.org/view.php?id=CVE-2020-4162
IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174342. El IBM InfoSphere Information Server versiones 11.5 y 11.7, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista, conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/174342 https://www.ibm.com/support/pages/node/5690451 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2013-0507
https://notcve.org/view.php?id=CVE-2013-0507
IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1 has a Session Fixation Vulnerability IBM InfoSphere Information Server versiones 8.1, 8.5, 8.7, 9.1, presenta una Vulnerabilidad de Fijación de Sesión. • http://www.securityfocus.com/bid/59815 • CWE-384: Session Fixation •
CVSS: 5.4EPSS: 0%CPEs: 8EXPL: 0CVE-2019-4237
https://notcve.org/view.php?id=CVE-2019-4237
A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. IBM X-Force ID: 159419. Una vulnerabilidad Cross-Frame Scripting en IBM InfoSphere Information Server versiones 11.3, 11.5, y 11.7 puede permitir que un atacante cargue la aplicación vulnerable en una etiqueta iframe HTML en una página maliciosa. ID de IBM X-Force: 159419. • https://exchange.xforce.ibmcloud.com/vulnerabilities/159419 https://www.ibm.com/support/docview.wss?uid=ibm10879825 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 25EXPL: 0CVE-2018-1845
https://notcve.org/view.php?id=CVE-2018-1845
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150905. Las versiones 1.3, 11.5 y 11.7 de IBM InfoSphere Information Server son vulnerables a ataques de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información sensible o consumir recursos de la memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/150905 https://www.ibm.com/support/docview.wss?uid=ibm10738917 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4185
https://notcve.org/view.php?id=CVE-2019-4185
IBM InfoSphere Information Server 11.7.1 containers are vulnerable to privilege escalation due to an insecurely configured component. IBM X-Force ID: 158975. Los contenedores de IBM InfoSphere Information Server versión 11.7.1, son vulnerables a la escalada de privilegios debido a un componente configurado de forma no segura. ID de IBM X-Force: 158975. • https://exchange.xforce.ibmcloud.com/vulnerabilities/158975 https://www.ibm.com/support/docview.wss?uid=ibm10882626 •