CVE-2020-4286
https://notcve.org/view.php?id=CVE-2020-4286
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176268. IBM InfoSphere Information Server versiones 11.3, 11.5 y 11.7, es vulnerable a un ataque de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía. IBM X-Force ID: 176268. • https://exchange.xforce.ibmcloud.com/vulnerabilities/176268 https://www.ibm.com/support/pages/node/6194751 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2020-4384
https://notcve.org/view.php?id=CVE-2020-4384
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 179265. IBM InfoSphere Information Server versiones 11.3, 11.5 y 11.7, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario web, alterando así la funcionalidad prevista conllevando a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/179265 https://www.ibm.com/support/pages/node/6202417 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-4237
https://notcve.org/view.php?id=CVE-2019-4237
A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. IBM X-Force ID: 159419. Una vulnerabilidad Cross-Frame Scripting en IBM InfoSphere Information Server versiones 11.3, 11.5, y 11.7 puede permitir que un atacante cargue la aplicación vulnerable en una etiqueta iframe HTML en una página maliciosa. ID de IBM X-Force: 159419. • https://exchange.xforce.ibmcloud.com/vulnerabilities/159419 https://www.ibm.com/support/docview.wss?uid=ibm10879825 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-1845
https://notcve.org/view.php?id=CVE-2018-1845
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150905. Las versiones 1.3, 11.5 y 11.7 de IBM InfoSphere Information Server son vulnerables a ataques de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información sensible o consumir recursos de la memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/150905 https://www.ibm.com/support/docview.wss?uid=ibm10738917 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2019-4257
https://notcve.org/view.php?id=CVE-2019-4257
IBM InfoSphere Information Server 11.5 and 11.7 is affected by an information disclosure vulnerability. Sensitive information in an error message may be used to conduct further attacks against the system. IBM X-Force ID: 159945. IBM InfoSphere Information Server 11.5 y 11.7 es afectado por una vulnerabilidad de revelación de información. La información confidencial en un mensaje de error puede ser usado para conducir mas ataques contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/159945 https://www.ibm.com/support/docview.wss?uid=ibm10882478 • CWE-209: Generation of Error Message Containing Sensitive Information •