Page 21 of 178 results (0.011 seconds)

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 154494. IBM InfoSphere Information Server versión 11.5 y versión 11.7 es vulnerable a la inyección SQL. Un atacante remoto podría enviar sentencias de SQL especialmente creadas, que podrían permitirle ver, agregar, modificar o eliminar información en la base de datos back-end. • https://exchange.xforce.ibmcloud.com/vulnerabilities/154494 https://www.ibm.com/support/docview.wss?uid=ibm10793871 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to access JSP files and disclose sensitive information. IBM X-Force ID: 152784. IBM InfoSphere Information Server 11.3, 11.5 y 11.7 podría permitir que un usuario autenticado acceda a archivos JSP y divulgue información sensible. IBM X-Force ID: 152784. • http://www.securityfocus.com/bid/107688 https://exchange.xforce.ibmcloud.com/vulnerabilities/152784 https://www.ibm.com/support/docview.wss?uid=ibm10872274 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

IBM InfoSphere Information Server 11.3, 11.5, and 11.7could allow an authenticated user to download code using a specially crafted HTTP request. IBM X-Force ID: 152663. IBM InfoSphere Information Server 11.3, 11.5 y 11.7 podría permitir que un usuario autenticado descargue código utilizando una petición HTTP especialmente manipulada. IBM X-Force ID: 152663. • http://www.securityfocus.com/bid/107735 https://exchange.xforce.ibmcloud.com/vulnerabilities/152663 https://www.ibm.com/support/docview.wss?uid=ibm10872320 •

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an attacker to change one of the settings related to InfoSphere Business Glossary Anywhere due to improper access control. IBM X-Force ID: 152528. IBM InfoSphere Information Server, en sus versiones 11.3, 11.5 y 11.7, podría permitir a un atacante modificar uno de los ajustes relacionados con InfoSphere Business Glossary Anywhere debido a un control de acceso incorrecto. IBM X-Force ID: 152528. • http://www.ibm.com/support/docview.wss?uid=ibm10744029 https://exchange.xforce.ibmcloud.com/vulnerabilities/152528 •

CVSS: 7.4EPSS: 0%CPEs: 5EXPL: 0

IBM InfoSphere Information Governance Catalog 11.3, 11.5, and 11.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 151639. IBM InfoSphere Information Governance Catalog, en sus versiones 11.3, 11.5 y 11.7, podría permitir a un atacante remoto realizar ataques de phishing utilizando un ataque de redirección abierta. • http://www.ibm.com/support/docview.wss?uid=ibm10738911 https://exchange.xforce.ibmcloud.com/vulnerabilities/151639 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •