CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1432
https://notcve.org/view.php?id=CVE-2018-1432
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking attack to conduct phishing, frame sniffing, social engineering or Cross-Site Request Forgery attacks. IBM X-Force ID: 139360. IBM InfoSphere Information Server 9.1, 11.3, 11.5 y 11.7 es vulnerable a Cross-Frame Scripting, que es una vulnerabilidad que permite que un atacante cargue componentes Information Server en una etiqueta iframe HTML en una página maliciosa. El atacante podría utilizar esta debilidad para idear un ataque de secuestro de clics para llevar a cabo ataques de phishing, frame sniffing, ingeniería social o Cross-Site Request Forgery (CSRF). • http://www.ibm.com/support/docview.wss?uid=swg22014911 http://www.securitytracker.com/id/1041039 https://exchange.xforce.ibmcloud.com/vulnerabilities/139360 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1350
https://notcve.org/view.php?id=CVE-2017-1350
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allow a user to escalate their privileges to administrator due to improper access controls. IBM X-Force ID: 126526. IBM InfoSphere Information Server 9.1, 11.3, 11.5 y 11.7 podría permitir que un usuario escale sus privilegios a administrador debido a controles de acceso incorrectos. IBM X-Force ID: 126526. • http://www.ibm.com/support/docview.wss?uid=swg22005503 http://www.securityfocus.com/bid/104550 http://www.securitytracker.com/id/1041042 https://exchange.xforce.ibmcloud.com/vulnerabilities/126526 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0250
https://notcve.org/view.php?id=CVE-2016-0250
XML external entity (XXE) vulnerability in IBM InfoSphere Information Governance Catalog 11.3 before 11.3.1.2 and 11.5 before 11.5.0.1 allows remote authenticated users to read arbitrary files or cause a denial of service via crafted XML data. IBM X-Force ID: 110510. Una vulnerabilidad XEE (XML External Entity) en IBM InfoSphere Information Governance Catalog, en versiones 11.3 anteriores a la 11.3.1.2 y en versiones 11.5 anteriores a la 11.5.0.1, permite a los usuarios autenticados remotos leer archivos arbitrarios o provocar una denegación de servicio (DoS) mediante datos XML manipulados. IBM X-Force ID: 110510. • http://www-01.ibm.com/support/docview.wss?uid=swg21977152 https://exchange.xforce.ibmcloud.com/vulnerabilities/110510 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-1469
https://notcve.org/view.php?id=CVE-2017-1469
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-Force ID: 128468. IBM InfoSphere Information Server 9.1, 11.3, y 11.5 podría permitir que un usuario local consiga privilegios elevados mediante la colocación de archivos arbitrarios en directorios de instalación. IBM X-Force ID: 128468. • http://www.ibm.com/support/docview.wss?uid=swg22006069 http://www.securityfocus.com/bid/100309 https://exchange.xforce.ibmcloud.com/vulnerabilities/128468 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1495 – IBM Infosphere Information Server / Datastage 11.5 Command Execution / Bypass
https://notcve.org/view.php?id=CVE-2017-1495
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a privileged user to cause a memory dump that could contain highly sensitive information including access credentials. IBM X-Force ID: 128693. IBM InfoSphere Information Server 9.1, 11.3 y 11.5 podría permitir que un usuario con privilegios haga un volcado de memoria que pueda contener información altamente sensible, incluyendo credenciales de acceso. IBM X-Force ID: 128693. IBM Infosphere Information Server / Datastage versions 9.1, 11.3, and 11.5 (including Cloud version 11.5) suffer from bypass, XML external entity injection, DLL side loading, and various other vulnerabilities. • http://www.ibm.com/support/docview.wss?uid=swg22006068 https://exchange.xforce.ibmcloud.com/vulnerabilities/128693 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •