CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1432
https://notcve.org/view.php?id=CVE-2018-1432
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking attack to conduct phishing, frame sniffing, social engineering or Cross-Site Request Forgery attacks. IBM X-Force ID: 139360. IBM InfoSphere Information Server 9.1, 11.3, 11.5 y 11.7 es vulnerable a Cross-Frame Scripting, que es una vulnerabilidad que permite que un atacante cargue componentes Information Server en una etiqueta iframe HTML en una página maliciosa. El atacante podría utilizar esta debilidad para idear un ataque de secuestro de clics para llevar a cabo ataques de phishing, frame sniffing, ingeniería social o Cross-Site Request Forgery (CSRF). • http://www.ibm.com/support/docview.wss?uid=swg22014911 http://www.securitytracker.com/id/1041039 https://exchange.xforce.ibmcloud.com/vulnerabilities/139360 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1350
https://notcve.org/view.php?id=CVE-2017-1350
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allow a user to escalate their privileges to administrator due to improper access controls. IBM X-Force ID: 126526. IBM InfoSphere Information Server 9.1, 11.3, 11.5 y 11.7 podría permitir que un usuario escale sus privilegios a administrador debido a controles de acceso incorrectos. IBM X-Force ID: 126526. • http://www.ibm.com/support/docview.wss?uid=swg22005503 http://www.securityfocus.com/bid/104550 http://www.securitytracker.com/id/1041042 https://exchange.xforce.ibmcloud.com/vulnerabilities/126526 •