Page 2 of 7 results (0.007 seconds)

CVSS: 6.8EPSS: 0%CPEs: 14EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x through 11.x before 11.3-IF2 allows remote authenticated users to hijack the authentication of arbitrary users. Vulnerabilidad de CSRF en el componente GDS en IBM InfoSphere Master Data Management - Collaborative Edition 10.x y 11.x anterior a 11.0-FP5 y InfoSphere Master Data Management Server for Product Information Management 9.x hasta 11.x anterior a 11.3-IF2 permite a usuarios remotos autenticados secuestrar la autenticación de usuarios arbitrarios. • http://secunia.com/advisories/60679 http://secunia.com/advisories/60693 http://secunia.com/advisories/60695 http://www-01.ibm.com/support/docview.wss?uid=swg21681649 http://www.securityfocus.com/bid/69262 https://exchange.xforce.ibmcloud.com/vulnerabilities/92885 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.5EPSS: 0%CPEs: 14EXPL: 0

SQL injection vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x through 11.x before 11.3-IF2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el componente GDS en IBM InfoSphere Master Data Management - Collaborative Edition 10.x y 11.x anterior a 11.0-FP5 y InfoSphere Master Data Management Server for Product Information Management 9.x hasta 11.x anterior a 11.3-IF2 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/60679 http://secunia.com/advisories/60693 http://secunia.com/advisories/60695 http://www-01.ibm.com/support/docview.wss?uid=swg21681651 https://exchange.xforce.ibmcloud.com/vulnerabilities/92880 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •