CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 1CVE-2017-1383 – IBM Infosphere Information Server / Datastage 11.5 Command Execution / Bypass
https://notcve.org/view.php?id=CVE-2017-1383
02 Aug 2017 — IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 127155. Las versiones 9.1, 11.3 y 11.5 de IBM InfoSphere Information Server son vulnerables a ataques de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer infor... • https://packetstorm.news/files/id/144187 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1321
https://notcve.org/view.php?id=CVE-2017-1321
12 Jul 2017 — IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125916. IBM InfoSphere Information Server versión 9.1,versión 11.3 y versión 11.5 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los usuarios insertar un código JavaScript arbitrario... • http://www.ibm.com/support/docview.wss?uid=swg22004729 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2015-7493
https://notcve.org/view.php?id=CVE-2015-7493
08 Feb 2017 — IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information. IBM InfoSphere Information Server podría permitir a un usuario local bajo especiales circunstancias ejecutar comandos durante procesos de instalación que podrían exponer información sensible. • http://www.ibm.com/support/docview.wss?uid=swg21982034 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2016-9000
https://notcve.org/view.php?id=CVE-2016-9000
01 Feb 2017 — IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to conduct clickjacking or other client-side browser attacks. IBM InfoSphere DataStage es vulnerable a las secuencias de comandos de trama cruzada, provocadas por la insuficiente protección HTML de iframe. Un atacante remoto podr... • http://www.ibm.com/support/docview.wss?uid=swg21995257 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 9EXPL: 0CVE-2016-8999
https://notcve.org/view.php?id=CVE-2016-8999
01 Feb 2017 — IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability that allows attackers to render a page in quirks mode thereby facilitating an attacker to inject malicious CSS. IBM InfoSphere Information Server contiene una vulnerabilidad de importación a la hoja de estilo relativa a la ruta que permite a atacantes procesar una página en modo qirks, lo que facilita a un atacante inyectar CSS malicioso. • http://www.ibm.com/support/docview.wss?uid=swg21995155 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5984
https://notcve.org/view.php?id=CVE-2016-5984
01 Feb 2017 — IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to conduct clickjacking or other client-side browser attacks. IBM InfoSphere Information Server es vulnerable a las secuencias de marco cruzados, causadas por una protección iframe HTML insuficiente. Un atacante remoto p... • http://www.ibm.com/support/docview.wss?uid=swg21991682 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 9EXPL: 0CVE-2016-0280
https://notcve.org/view.php?id=CVE-2016-0280
08 Aug 2016 — Cross-site scripting (XSS) vulnerability in IBM Information Server Framework 8.5, Information Server Framework and InfoSphere Information Server Business Glossary 8.7 before FP2, Information Server Framework and InfoSphere Information Server Business Glossary 9.1 before 9.1.2.0, Information Server Framework and InfoSphere Information Governance Catalog 11.3 before 11.3.1.2, and Information Server Framework and InfoSphere Information Governance Catalog 11.5 before 11.5.0.1 allows remote authenticated users t... • http://www-01.ibm.com/support/docview.wss?uid=swg1JR55452 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 13EXPL: 0CVE-2015-7490
https://notcve.org/view.php?id=CVE-2015-7490
03 Mar 2016 — IBM InfoSphere Information Server 8.5 through FP3, 8.7 through FP2, 9.1 through 9.1.2.0, 11.3 through 11.3.1.2, and 11.5 allows remote authenticated users to bypass intended access restrictions via a modified cookie. IBM InfoSphere Information Server 8.5 hasta la versión FP3, 8.7 hasta la versión FP2, 9.1 hasta la versión 9.1.2.0, 11.3 hasta la versión 11.3.1.2 y 11.5 permite a usuarios remotos autentificados eludir las restricciones destinadas al acceso a través de una cookie modificada. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR54787 • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2015-1901
https://notcve.org/view.php?id=CVE-2015-1901
28 Jun 2015 — The installer in IBM InfoSphere Information Server 8.5 through 11.3 before 11.3.1.2 allows local users to obtain sensitive information via unspecified commands. El instalador en IBM InfoSphere Information Server 8.5 hasta 11.3 anterior a 11.3.1.2 permite a usuarios locales obtener información sensible a través de comandos no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR52549 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2015-0180
https://notcve.org/view.php?id=CVE-2015-0180
25 May 2015 — The Connector Migration Tool in IBM InfoSphere Information Server 8.1 through 11.3 allows remote authenticated users to bypass intended restrictions on job creation and modification via unspecified vectors. Connector Migration Tool en IBM InfoSphere Information Server 8.1 hasta 11.3 permite a usuarios remotos autenticados evadir las restricciones sobre la creación y modificación de empleo a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR51665 • CWE-284: Improper Access Control •