CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1432
https://notcve.org/view.php?id=CVE-2018-1432
05 Jun 2018 — IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking attack to conduct phishing, frame sniffing, social engineering or Cross-Site Request Forgery attacks. IBM X-Force ID: 139360. IBM InfoSphere Information Server 9.1, 11.3, 11.5 y 11.7 es vulnerable a Cross-Frame Script... • http://www.ibm.com/support/docview.wss?uid=swg22014911 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1454
https://notcve.org/view.php?id=CVE-2018-1454
05 Jun 2018 — IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 140089. IBM InfoSphere Information Server 11.3, 11.5 y 11.7 podría permitir que un atacante remoto obtenga información sensible, provocado por la imposibilidad de habilitar correctamente HTTP ... • http://www.ibm.com/support/docview.wss?uid=swg22015222 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0250
https://notcve.org/view.php?id=CVE-2016-0250
12 Mar 2018 — XML external entity (XXE) vulnerability in IBM InfoSphere Information Governance Catalog 11.3 before 11.3.1.2 and 11.5 before 11.5.0.1 allows remote authenticated users to read arbitrary files or cause a denial of service via crafted XML data. IBM X-Force ID: 110510. Una vulnerabilidad XEE (XML External Entity) en IBM InfoSphere Information Governance Catalog, en versiones 11.3 anteriores a la 11.3.1.2 y en versiones 11.5 anteriores a la 11.5.0.1, permite a los usuarios autenticados remotos leer archivos ar... • http://www-01.ibm.com/support/docview.wss?uid=swg21977152 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-1469
https://notcve.org/view.php?id=CVE-2017-1469
14 Aug 2017 — IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-Force ID: 128468. IBM InfoSphere Information Server 9.1, 11.3, y 11.5 podría permitir que un usuario local consiga privilegios elevados mediante la colocación de archivos arbitrarios en directorios de instalación. IBM X-Force ID: 128468. • http://www.ibm.com/support/docview.wss?uid=swg22006069 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 1CVE-2017-1467 – IBM Infosphere Information Server / Datastage 11.5 Command Execution / Bypass
https://notcve.org/view.php?id=CVE-2017-1467
02 Aug 2017 — A network layer security vulnerability in InfoSphere Information Server 9.1, 11.3, and 11.5 can lead to privilege escalation or unauthorized access. IBM X-Force ID: 128466. Una vulnerabilidad de la seguridad en la capa de red en InfoSphere Information Server 9.1, 11.3 y 11.5 permite que se escalen privilegios o un acceso no autorizado. IBM X-Force ID: 128466. IBM Infosphere Information Server / Datastage versions 9.1, 11.3, and 11.5 (including Cloud version 11.5) suffer from bypass, XML external entity inje... • https://packetstorm.news/files/id/144187 •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 1CVE-2017-1383 – IBM Infosphere Information Server / Datastage 11.5 Command Execution / Bypass
https://notcve.org/view.php?id=CVE-2017-1383
02 Aug 2017 — IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 127155. Las versiones 9.1, 11.3 y 11.5 de IBM InfoSphere Information Server son vulnerables a ataques de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer infor... • https://packetstorm.news/files/id/144187 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2017-1468 – IBM Infosphere Information Server / Datastage 11.5 Command Execution / Bypass
https://notcve.org/view.php?id=CVE-2017-1468
02 Aug 2017 — IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-force ID: 128467. IBM InfoSphere Information Server 9.1, 11.3 y 11.5 podría permitir que un usuario local obtenga privilegios elevados al ubicar archivos arbitrarios en los directorios de instalación. IBM X-force ID: 128467. IBM Infosphere Information Server / Datastage versions 9.1, 11.3, and 11.5 (including Cloud version 11.5) suffer from ... • https://packetstorm.news/files/id/144187 •
CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 1CVE-2017-1495 – IBM Infosphere Information Server / Datastage 11.5 Command Execution / Bypass
https://notcve.org/view.php?id=CVE-2017-1495
02 Aug 2017 — IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a privileged user to cause a memory dump that could contain highly sensitive information including access credentials. IBM X-Force ID: 128693. IBM InfoSphere Information Server 9.1, 11.3 y 11.5 podría permitir que un usuario con privilegios haga un volcado de memoria que pueda contener información altamente sensible, incluyendo credenciales de acceso. IBM X-Force ID: 128693. IBM Infosphere Information Server / Datastage versions 9.1, 11.3, an... • https://packetstorm.news/files/id/144187 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1321
https://notcve.org/view.php?id=CVE-2017-1321
12 Jul 2017 — IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125916. IBM InfoSphere Information Server versión 9.1,versión 11.3 y versión 11.5 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los usuarios insertar un código JavaScript arbitrario... • http://www.ibm.com/support/docview.wss?uid=swg22004729 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2015-7493
https://notcve.org/view.php?id=CVE-2015-7493
08 Feb 2017 — IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information. IBM InfoSphere Information Server podría permitir a un usuario local bajo especiales circunstancias ejecutar comandos durante procesos de instalación que podrían exponer información sensible. • http://www.ibm.com/support/docview.wss?uid=swg21982034 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •