CVE-2017-1495 – IBM Infosphere Information Server / Datastage 11.5 Command Execution / Bypass
https://notcve.org/view.php?id=CVE-2017-1495
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a privileged user to cause a memory dump that could contain highly sensitive information including access credentials. IBM X-Force ID: 128693. IBM InfoSphere Information Server 9.1, 11.3 y 11.5 podría permitir que un usuario con privilegios haga un volcado de memoria que pueda contener información altamente sensible, incluyendo credenciales de acceso. IBM X-Force ID: 128693. IBM Infosphere Information Server / Datastage versions 9.1, 11.3, and 11.5 (including Cloud version 11.5) suffer from bypass, XML external entity injection, DLL side loading, and various other vulnerabilities. • http://www.ibm.com/support/docview.wss?uid=swg22006068 https://exchange.xforce.ibmcloud.com/vulnerabilities/128693 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-1383 – IBM Infosphere Information Server / Datastage 11.5 Command Execution / Bypass
https://notcve.org/view.php?id=CVE-2017-1383
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 127155. Las versiones 9.1, 11.3 y 11.5 de IBM InfoSphere Information Server son vulnerables a ataques de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información sensible o consumir recursos de la memoria. • http://www.ibm.com/support/docview.wss?uid=swg22005803 https://exchange.xforce.ibmcloud.com/vulnerabilities/127155 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2017-1467 – IBM Infosphere Information Server / Datastage 11.5 Command Execution / Bypass
https://notcve.org/view.php?id=CVE-2017-1467
A network layer security vulnerability in InfoSphere Information Server 9.1, 11.3, and 11.5 can lead to privilege escalation or unauthorized access. IBM X-Force ID: 128466. Una vulnerabilidad de la seguridad en la capa de red en InfoSphere Information Server 9.1, 11.3 y 11.5 permite que se escalen privilegios o un acceso no autorizado. IBM X-Force ID: 128466. IBM Infosphere Information Server / Datastage versions 9.1, 11.3, and 11.5 (including Cloud version 11.5) suffer from bypass, XML external entity injection, DLL side loading, and various other vulnerabilities. • http://www.ibm.com/support/docview.wss?uid=swg22006063 http://www.securityfocus.com/bid/100103 https://exchange.xforce.ibmcloud.com/vulnerabilities/128466 •
CVE-2017-1468 – IBM Infosphere Information Server / Datastage 11.5 Command Execution / Bypass
https://notcve.org/view.php?id=CVE-2017-1468
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-force ID: 128467. IBM InfoSphere Information Server 9.1, 11.3 y 11.5 podría permitir que un usuario local obtenga privilegios elevados al ubicar archivos arbitrarios en los directorios de instalación. IBM X-force ID: 128467. IBM Infosphere Information Server / Datastage versions 9.1, 11.3, and 11.5 (including Cloud version 11.5) suffer from bypass, XML external entity injection, DLL side loading, and various other vulnerabilities. • http://www.ibm.com/support/docview.wss?uid=swg22006067 http://www.securityfocus.com/bid/100099 https://exchange.xforce.ibmcloud.com/vulnerabilities/128467 •
CVE-2017-1321
https://notcve.org/view.php?id=CVE-2017-1321
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125916. IBM InfoSphere Information Server versión 9.1,versión 11.3 y versión 11.5 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los usuarios insertar un código JavaScript arbitrario en la interfaz del usuario web, por lo tanto, alterar la funcionalidad deseada que podría conducir a la divulgación de credenciales dentro de una sesión segura. • http://www.ibm.com/support/docview.wss?uid=swg22004729 http://www.securityfocus.com/bid/99537 https://exchange.xforce.ibmcloud.com/vulnerabilities/125916 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •