CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1321
https://notcve.org/view.php?id=CVE-2017-1321
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125916. IBM InfoSphere Information Server versión 9.1,versión 11.3 y versión 11.5 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los usuarios insertar un código JavaScript arbitrario en la interfaz del usuario web, por lo tanto, alterar la funcionalidad deseada que podría conducir a la divulgación de credenciales dentro de una sesión segura. • http://www.ibm.com/support/docview.wss?uid=swg22004729 http://www.securityfocus.com/bid/99537 https://exchange.xforce.ibmcloud.com/vulnerabilities/125916 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2015-7493
https://notcve.org/view.php?id=CVE-2015-7493
IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information. IBM InfoSphere Information Server podría permitir a un usuario local bajo especiales circunstancias ejecutar comandos durante procesos de instalación que podrían exponer información sensible. • http://www.ibm.com/support/docview.wss?uid=swg21982034 http://www.securityfocus.com/bid/90529 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 9EXPL: 0CVE-2016-8999
https://notcve.org/view.php?id=CVE-2016-8999
IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability that allows attackers to render a page in quirks mode thereby facilitating an attacker to inject malicious CSS. IBM InfoSphere Information Server contiene una vulnerabilidad de importación a la hoja de estilo relativa a la ruta que permite a atacantes procesar una página en modo qirks, lo que facilita a un atacante inyectar CSS malicioso. • http://www.ibm.com/support/docview.wss?uid=swg21995155 http://www.securityfocus.com/bid/95325 http://www.securitytracker.com/id/1037563 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5984
https://notcve.org/view.php?id=CVE-2016-5984
IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to conduct clickjacking or other client-side browser attacks. IBM InfoSphere Information Server es vulnerable a las secuencias de marco cruzados, causadas por una protección iframe HTML insuficiente. Un atacante remoto podría explotar esta vulnerabilidad utilizando una URL especialmente manipulada para navegar a una página web que controla el atacante. • http://www.ibm.com/support/docview.wss?uid=swg21991682 http://www.securityfocus.com/bid/95106 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5994
https://notcve.org/view.php?id=CVE-2016-5994
IBM InfoSphere Information Server contains a vulnerability that would allow an authenticated user to browse any file on the engine tier, and examine its contents. IBM InfoSphere Information Server contiene una vulnerabilidad que podrían permitir a un usuario autenticado explorar cualquier archivo en el nivel del motor y examinar su contenido. • http://www.ibm.com/support/docview.wss?uid=swg21992171 http://www.securityfocus.com/bid/93557 http://www.securitytracker.com/id/1037022 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •