Page 2 of 23 results (0.015 seconds)

CVSS: 5.8EPSS: 0%CPEs: 8EXPL: 0

IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to hijack sessions and read cookie values, or conduct phishing attacks to capture credentials, via unspecified vectors. IBM InfoSphere Information Server v8.0, v8.1, v8.5 hasta FP3, v8.7 y v9.1 permite a atacantes remotos secuestrar sesiones y leer valores de cookies, o llevar a acabo ataques de phising para capturar credenciales a través de vectores no especificados. • http://www.ibm.com/support/docview.wss?uid=swg21651343 http://www.securityfocus.com/bid/62768 https://exchange.xforce.ibmcloud.com/vulnerabilities/86598 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0

IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to conduct clickjacking attacks by creating an overlay interface on top of the Web Console interface. IBM InfoSphere Information Server v8.0, v8.1, v8.5 hasta FP3, v8.7, y v9.1 permite a atacantes remotos llevar a cabo ataques de phising mediante la creación de un interfaz superpuesto en el interfaz de la consola web. • http://www.ibm.com/support/docview.wss?uid=swg21651343 http://www.securityfocus.com/bid/62767 https://exchange.xforce.ibmcloud.com/vulnerabilities/86597 • CWE-20: Improper Input Validation •

CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the web console. Vulnerabilidad Cross-site scripting (XSS) en IBM InfoSphere Information Server hasta v8.5 FP3, v8.7 hasta FP2, y v9.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través de vectores relacionados con la consola web. • http://www-01.ibm.com/support/docview.wss?uid=swg21646136 http://www.securityfocus.com/bid/61757 https://exchange.xforce.ibmcloud.com/vulnerabilities/84646 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to the (1) web console and (2) repository management user interfaces. Múltiples vulnerabilidades de cross-site scripting (XSS) en IBM InfoSphere Information Server hasta v8.5 FP3, v8.7 hasta FP2, y 9.1 permiten a los usuarios autenticados remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con los interfaces de usuario (1) “web console” y (2) “repository management”. • http://www-01.ibm.com/support/docview.wss?uid=swg21646136 https://exchange.xforce.ibmcloud.com/vulnerabilities/83356 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server 8.1, 8.5 through FP3, 8.7 through FP2, and 9.1 allows remote attackers to inject arbitrary web script or HTML via a malformed URL. Vulnerabilidad XSS en IBM InfoSphere Information Server 8.1, 8.5 a la FP3, 8.7 a la FP2, y 9.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una URL mal formada. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR45274 http://www-01.ibm.com/support/docview.wss?uid=swg21632556 https://exchange.xforce.ibmcloud.com/vulnerabilities/82233 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •