Page 25 of 147 results (0.025 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in the Data Quality Console in IBM InfoSphere Information Server 11.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL for adding a project connection. Vulnerabilidad de XSS en Data Quality Console en IBM InfoSphere Information Server 11.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada para añadir una conexión de proyecto. • http://secunia.com/advisories/59267 http://www-01.ibm.com/support/docview.wss?uid=swg1JR50453 http://www-01.ibm.com/support/docview.wss?uid=swg21677719 http://www.securityfocus.com/bid/68781 https://exchange.xforce.ibmcloud.com/vulnerabilities/93786 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified interfaces. Múltiples vulnerabilidades de XSS en el servidor de IBM InfoSphere Information 8.x hasta 8.5 FP3, 8.7.x hasta 8.7 FP2 y 9.1.x hasta 9.1.2.0 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través de interfaces no especificadas. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR48815 http://www-01.ibm.com/support/docview.wss?uid=swg1JR49200 http://www-01.ibm.com/support/docview.wss?uid=swg1JR49206 http://www-01.ibm.com/support/docview.wss?uid=swg21666684 http://www.securityfocus.com/bid/66151 https://exchange.xforce.ibmcloud.com/vulnerabilities/86548 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0

Multiple SQL injection vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote authenticated users to execute arbitrary SQL commands via unspecified interfaces. Múltiples vulnerabilidades de inyección SQL en el servidor de IBM InfoSphere Information 8.x hasta 8.5 FP3, 8.7.x hasta 8.7 FP2 y 9.1.x hasta 9.1.2.0 permiten a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de interfaces no especificadas. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR48815 http://www-01.ibm.com/support/docview.wss?uid=swg1JR49200 http://www-01.ibm.com/support/docview.wss?uid=swg1JR49206 http://www-01.ibm.com/support/docview.wss?uid=swg21666684 http://www.securityfocus.com/bid/66155 https://exchange.xforce.ibmcloud.com/vulnerabilities/86547 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.8EPSS: 0%CPEs: 10EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the XML Pack in IBM InfoSphere Information Server 8.5.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allows remote attackers to hijack the authentication of arbitrary users. Vulnerabilidad de CSRF en el pack de XML en el servidor de IBM InfoSphere Information 8.5.x hasta 8.5 FP3, 8.7.x hasta 8.7 FP2 y 9.1.x hasta 9.1.2.0 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR48815 http://www-01.ibm.com/support/docview.wss?uid=swg1JR49200 http://www-01.ibm.com/support/docview.wss?uid=swg1JR49206 http://www-01.ibm.com/support/docview.wss?uid=swg21666684 http://www.securityfocus.com/bid/66154 https://exchange.xforce.ibmcloud.com/vulnerabilities/86546 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 2.1EPSS: 0%CPEs: 5EXPL: 0

IBM InfoSphere Information Server 8.0, 8.1, 8.5, 8.7, and 9.1 allows local users to obtain sensitive information in opportunistic circumstances by leveraging the presence of file content after a failed installation. IBM InfoSphere Information Server 8.0, 8.1, 8.5, 8.7 y 9.1 permite a usuarios locales obtener información sensible en circunstancias oportunistas aprovechando la presencia de archivos despues de una instalación fallida. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR48095 http://www-01.ibm.com/support/docview.wss?uid=swg21659957 https://exchange.xforce.ibmcloud.com/vulnerabilities/87816 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •