Page 28 of 147 results (0.012 seconds)

CVSS: 4.0EPSS: 0%CPEs: 6EXPL: 0

Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly determine authorization, which allows remote authenticated users to gain privileges via unspecified vectors. Information Services Framework (ISF) en IBM InfoSphere Information Server v8.1, v8.5 anterior a FP3, no valida correctamente la autenticación, permitiendo a usuarios remotos autenticados ganar privilegios mediante vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21623501 https://exchange.xforce.ibmcloud.com/vulnerabilities/73287 • CWE-287: Improper Authentication •

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0

Cross-site scripting (XSS) vulnerability in InfoSphere Business Glossary 8.1.1 and 8.1.2, InfoSphere DataStage Operation Console, InfoSphere Administration, and Reporting and Repository Management Web Console in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en InfoSphere Business Glossary v8.1.1 y v8.1.2, InfoSphere DataStage Operation Console, InfoSphere Administration, y Reporting y Repository Management Web Console en IBM InfoSphere Information Server v8.1, v8.5 anterior a FP3, y 8.7, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21623501 https://exchange.xforce.ibmcloud.com/vulnerabilities/78666 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0

Cross-site scripting (XSS) vulnerability in InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en InfoSphere Metadata Workbench (MWB) v8.1 through v8.7 en IBM InfoSphere Information Server v8.1, v8.5 anterior a FP3, y v8.7, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21623501 https://exchange.xforce.ibmcloud.com/vulnerabilities/73254 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.3EPSS: 0%CPEs: 13EXPL: 0

Untrusted search path vulnerability in InfoSphere Import Export Manager 8.1 through 9.1 in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, 8.7, and 9.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory. Vulnerabilidad de búsqueda de ruta no confiable en el Import Export Manager v8.1 hasta v9.1 en InfoSphere Information Server MetaBrokers & Bridges (MBB) en IBM InfoSphere Information Server v8.1, v8.5 anterior a FP3, v8.7, y v9.1 permite a usuarios locales ganar privielgios mediante un troyano DLL en el directorio actual de trabajo. • http://www-01.ibm.com/support/docview.wss?uid=swg21623501 https://exchange.xforce.ibmcloud.com/vulnerabilities/73255 •

CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0

InfoSphere Import Export Manager in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, 8.7, and 9.1 does not validate unspecified input data, which allows remote authenticated users to execute arbitrary commands via unknown vectors. InfoSphere Import Export Manager en InfoSphere Information Server MetaBrokers & Bridges (MBB) en IBM InfoSphere Information Server v8.1, v8.5 anterior a FP3, v8.7, y v9.1 no valida datos de entrada no especificados, lo que permite a un usuario remoto autenticado ejecutar comandos de su elección mediante vectores desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg21623501 https://exchange.xforce.ibmcloud.com/vulnerabilities/73292 • CWE-20: Improper Input Validation •