Page 22 of 178 results (0.009 seconds)

CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0

IBM InfoSphere Information Server 11.7 could allow an authenciated user under specialized conditions to inject commands into the installation process that would execute on the WebSphere Application Server. IBM X-Force ID: 145970. IBM InfoSphere Information Server 11.7 podría permitir que un usuario autenticado en condiciones especializadas inyecte comandos en el proceso de instalación que se ejecutarían en WebSphere Application Server. IBM X-Force ID: 145970. • https://exchange.xforce.ibmcloud.com/vulnerabilities/145970 https://www.ibm.com/support/docview.wss?uid=ibm10730555 •

CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0

IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147630. Las versiones 9.1, 11.3, 11.5 y 11.7 de IBM InfoSphere Information Server son vulnerables a ataques de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información sensible o consumir recursos de la memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/147630 https://www.ibm.com/support/docview.wss?uid=ibm10718887 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152159. IBM InfoSphere Information Server 11.3, 11.5 y 11.7 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=ibm10744013 https://exchange.xforce.ibmcloud.com/vulnerabilities/152159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0

IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that could allow a local user to obtain highly sensitive information. IBM X-Force ID: 141682. IBM InfoSphere Information Server 11.7 se ha visto afectado por una vulnerabilidad de cifrado débil de contraseñas que podría permitir que un usuario local obtenga información altamente sensible. IBM X-Force ID: 141682. • https://exchange.xforce.ibmcloud.com/vulnerabilities/141682 https://www.ibm.com/support/docview.wss?uid=swg22017446 • CWE-326: Inadequate Encryption Strength •

CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 140089. IBM InfoSphere Information Server 11.3, 11.5 y 11.7 podría permitir que un atacante remoto obtenga información sensible, provocado por la imposibilidad de habilitar correctamente HTTP Strict Transport Security. Un atacante podría explotar esta vulnerabilidad para obtener información sensible empleando técnicas man-in-the-Middle (MitM). • http://www.ibm.com/support/docview.wss?uid=swg22015222 http://www.securitytracker.com/id/1041038 https://exchange.xforce.ibmcloud.com/vulnerabilities/140089 • CWE-319: Cleartext Transmission of Sensitive Information •