CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0CVE-2013-3996
https://notcve.org/view.php?id=CVE-2013-3996
IBM InfoSphere BigInsights 1.1 through 2.1 does not properly handle FRAME elements, which makes it easier for remote authenticated users to conduct phishing attacks via a crafted web site. IBM InfoSphere BigInsights v1.1 hasta v2.1 no maneja adecuadamente los elementos FRAME, lo que hace que sea más fácil para los usuarios remotos autenticados para llevar a cabo ataques de phishing a través de un sitio web manipulado. • http://secunia.com/advisories/54447 http://www-01.ibm.com/support/docview.wss?uid=swg21645804 http://www.securityfocus.com/bid/61604 http://www.securitytracker.com/id/1028883 https://exchange.xforce.ibmcloud.com/vulnerabilities/84985 • CWE-20: Improper Input Validation •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2013-3992
https://notcve.org/view.php?id=CVE-2013-3992
Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere BigInsights 2.0 through 2.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. Vulnerabilidad CSRF (Cross-site request forgery) en IBM InfoSphere BigInsights v2.0 hasta la v2.1, permite a usuarios autenticados remotamente secuestrar la autenticación de víctimas sin especificar a través de vectores desconocidos. • http://osvdb.org/95943 http://secunia.com/advisories/54447 http://www-01.ibm.com/support/docview.wss?uid=swg21645804 http://www.securityfocus.com/bid/61604 http://www.securitytracker.com/id/1028883 https://exchange.xforce.ibmcloud.com/vulnerabilities/84981 • CWE-352: Cross-Site Request Forgery (CSRF) •