Page 2 of 22 results (0.005 seconds)

CVSS: 3.5EPSS: 0%CPEs: 5EXPL: 0

IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. Vulnerabilidad en IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3 y 11.4 anterior a FP03 permite a usuarios remotos autenticados llevar a cabo ataques de clickjacking a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21960244 http://www.securityfocus.com/bid/75143 • CWE-20: Improper Input Validation •

CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0

IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to obtain sensitive information via a crafted request, which reveals the full path in an error message. Vulnerabilidad en IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3 y 11.4 anterior a FP03 permite a usuarios remotos autenticados obtener información sensible a través de una solicitud manipulada, la cual revela la ruta completa en un mensaje de error. • http://www-01.ibm.com/support/docview.wss?uid=swg21960244 http://www.securityfocus.com/bid/75477 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 3.5EPSS: 0%CPEs: 5EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3 y 11.4 anterior a FP03, permite a usuarios remotos autenticados inyectar secuencias de comandos o HTML arbitrario a traves de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21960244 http://www.securityfocus.com/bid/75476 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0

IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to bypass intended access restrictions and read arbitrary profiles via unspecified vectors, as demonstrated by discovering usernames for use in brute-force attacks. Vulnerabilidad en IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3 y 11.4 anterior a FP03 permite a usuarios remotos autenticados eludir las restricciones de acceso previstos y leer perfiles arbitrarios a través de vectores no especificados, como lo demuestra el descubrimiento de nombre de usuario para su uso en ataques de fuerza bruta. • http://www-01.ibm.com/support/docview.wss?uid=swg21960244 http://www.securityfocus.com/bid/75474 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0

IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1-FP11 and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1-FP15 and 10.x and 11.x before 11.3-IF2 allow local users to obtain administrator privileges via unspecified vectors. IBM InfoSphere Master Data Management - Collaborative Edition 10.x anterior a 10.1-FP11 y 11.x anterior a 11.0-FP5 y InfoSphere Master Data Management Server for Product Information Management 9.x anterior a 9.1-FP15 y 10.x y 11.x anterior a 11.3-IF2 permiten a usuarios locales obtener los privilegios de administrador a través de vectores no especificados. • http://secunia.com/advisories/60680 http://secunia.com/advisories/60694 http://secunia.com/advisories/60695 http://www-01.ibm.com/support/docview.wss?uid=swg21680403 https://exchange.xforce.ibmcloud.com/vulnerabilities/93599 • CWE-264: Permissions, Privileges, and Access Controls •