CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0CVE-2017-1383 – IBM Infosphere Information Server / Datastage 11.5 Command Execution / Bypass
https://notcve.org/view.php?id=CVE-2017-1383
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 127155. Las versiones 9.1, 11.3 y 11.5 de IBM InfoSphere Information Server son vulnerables a ataques de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información sensible o consumir recursos de la memoria. • http://www.ibm.com/support/docview.wss?uid=swg22005803 https://exchange.xforce.ibmcloud.com/vulnerabilities/127155 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2017-1467 – IBM Infosphere Information Server / Datastage 11.5 Command Execution / Bypass
https://notcve.org/view.php?id=CVE-2017-1467
A network layer security vulnerability in InfoSphere Information Server 9.1, 11.3, and 11.5 can lead to privilege escalation or unauthorized access. IBM X-Force ID: 128466. Una vulnerabilidad de la seguridad en la capa de red en InfoSphere Information Server 9.1, 11.3 y 11.5 permite que se escalen privilegios o un acceso no autorizado. IBM X-Force ID: 128466. IBM Infosphere Information Server / Datastage versions 9.1, 11.3, and 11.5 (including Cloud version 11.5) suffer from bypass, XML external entity injection, DLL side loading, and various other vulnerabilities. • http://www.ibm.com/support/docview.wss?uid=swg22006063 http://www.securityfocus.com/bid/100103 https://exchange.xforce.ibmcloud.com/vulnerabilities/128466 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2017-1468 – IBM Infosphere Information Server / Datastage 11.5 Command Execution / Bypass
https://notcve.org/view.php?id=CVE-2017-1468
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-force ID: 128467. IBM InfoSphere Information Server 9.1, 11.3 y 11.5 podría permitir que un usuario local obtenga privilegios elevados al ubicar archivos arbitrarios en los directorios de instalación. IBM X-force ID: 128467. IBM Infosphere Information Server / Datastage versions 9.1, 11.3, and 11.5 (including Cloud version 11.5) suffer from bypass, XML external entity injection, DLL side loading, and various other vulnerabilities. • http://www.ibm.com/support/docview.wss?uid=swg22006067 http://www.securityfocus.com/bid/100099 https://exchange.xforce.ibmcloud.com/vulnerabilities/128467 •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1321
https://notcve.org/view.php?id=CVE-2017-1321
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125916. IBM InfoSphere Information Server versión 9.1,versión 11.3 y versión 11.5 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los usuarios insertar un código JavaScript arbitrario en la interfaz del usuario web, por lo tanto, alterar la funcionalidad deseada que podría conducir a la divulgación de credenciales dentro de una sesión segura. • http://www.ibm.com/support/docview.wss?uid=swg22004729 http://www.securityfocus.com/bid/99537 https://exchange.xforce.ibmcloud.com/vulnerabilities/125916 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2015-7493
https://notcve.org/view.php?id=CVE-2015-7493
IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information. IBM InfoSphere Information Server podría permitir a un usuario local bajo especiales circunstancias ejecutar comandos durante procesos de instalación que podrían exponer información sensible. • http://www.ibm.com/support/docview.wss?uid=swg21982034 http://www.securityfocus.com/bid/90529 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •