
CVE-2015-7492
https://notcve.org/view.php?id=CVE-2015-7492
15 Feb 2016 — Cross-site scripting (XSS) vulnerability in Reference Data Management (RDM) in IBM InfoSphere Master Data Management 10.1, 11.0 before FP5, 11.3, 11.4, and 11.5 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en Reference Data Management (RDM) en IBM InfoSphere Master Data Management 10.1, 11.0 en versiones anteriores a FP5, 11.3, 11.4 y 11.5 en versiones anteriores a FP1 permite a usuarios remotos autenticados inyectar secuencias ... • http://www-01.ibm.com/support/docview.wss?uid=swg21974981 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2015-4958
https://notcve.org/view.php?id=CVE-2015-4958
17 Jan 2016 — IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 does not properly restrict browser caching, which allows local users to obtain sensitive information by reading cache files. IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 en versiones anteriores a 11.0.0.0 IF11, 11.3 en versiones anteriores a 11.3.0.0 IF7 y 11.4 en versiones anteriores a 11.4.0.4 IF1 no restringe adecuadame... • http://www-01.ibm.com/support/docview.wss?uid=swg21971545 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2015-4960
https://notcve.org/view.php?id=CVE-2015-4960
17 Jan 2016 — IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 allows remote authenticated users to conduct clickjacking attacks via a crafted web site. IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 en versiones anteriores a 11.0.0.0 IF11, 11.3 en versiones anteriores a 11.3.0.0 IF7 y 11.4 en versiones anteriores a 11.4.0.4 IF1 permite a usuarios remotos autenticados llevar a cabo ataq... • http://www-01.ibm.com/support/docview.wss?uid=swg21971545 • CWE-254: 7PK - Security Features •

CVE-2015-7414
https://notcve.org/view.php?id=CVE-2015-7414
17 Jan 2016 — Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en el componente GDS en IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 en versiones anteriores a 11.0.0.0 IF11, 11.3 en versiones anteriores a 11.3... • http://www-01.ibm.com/support/docview.wss?uid=swg21971545 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2015-1980
https://notcve.org/view.php?id=CVE-2015-1980
20 Jul 2015 — IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. Vulnerabilidad en IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3 y 11.4 anterior a FP03 permite a usuarios remotos autenticados llevar a cabo ataques de clickjacking a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21960244 • CWE-20: Improper Input Validation •

CVE-2015-1968
https://notcve.org/view.php?id=CVE-2015-1968
20 Jul 2015 — Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3 y 11.4 anterior a FP03, permite a usuarios remotos autenticados inyectar secuencias de comandos o HTML arbitrario a trave... • http://www-01.ibm.com/support/docview.wss?uid=swg21960244 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2015-1982
https://notcve.org/view.php?id=CVE-2015-1982
20 Jul 2015 — IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to obtain sensitive information via a crafted request, which reveals the full path in an error message. Vulnerabilidad en IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3 y 11.4 anterior a FP03 permite a usuarios remotos autenticados obtener información sensible a través de una solicitud manipulada, la cual revela la ruta completa en un me... • http://www-01.ibm.com/support/docview.wss?uid=swg21960244 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2015-1984
https://notcve.org/view.php?id=CVE-2015-1984
20 Jul 2015 — IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to bypass intended access restrictions and read arbitrary profiles via unspecified vectors, as demonstrated by discovering usernames for use in brute-force attacks. Vulnerabilidad en IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3 y 11.4 anterior a FP03 permite a usuarios remotos autenticados eludir las restricciones de acceso previstos y... • http://www-01.ibm.com/support/docview.wss?uid=swg21960244 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •

CVE-2015-1945
https://notcve.org/view.php?id=CVE-2015-1945
02 Jun 2015 — Unspecified vulnerability in the Reference Data Management component in IBM InfoSphere Master Data Management 10.1, 11.0, 11.3 before FP3, and 11.4 allows remote authenticated users to gain privileges via unknown vectors. Vulnerabilidad no especificada en el componente Reference Data Management en IBM InfoSphere Master Data Management 10.1, 11.0, 11.3 anterior a FP3, y 11.4 permite a usuarios remotos autenticados ganar privilegios a través de vectores desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg21957776 •

CVE-2015-1909
https://notcve.org/view.php?id=CVE-2015-1909
25 May 2015 — The XML parser in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 10.1 before IF1, 11.0 before FP3, 11.3, and 11.4 before FP2 allows remote attackers to read arbitrary files, and consequently obtain administrative access, via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. El analizador sintáctico de XML en el componente Reference Data Management en el servidor en IBM InfoSphere Master... • http://www-01.ibm.com/support/docview.wss?uid=swg21700754 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •