CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1454
https://notcve.org/view.php?id=CVE-2018-1454
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 140089. IBM InfoSphere Information Server 11.3, 11.5 y 11.7 podría permitir que un atacante remoto obtenga información sensible, provocado por la imposibilidad de habilitar correctamente HTTP Strict Transport Security. Un atacante podría explotar esta vulnerabilidad para obtener información sensible empleando técnicas man-in-the-Middle (MitM). • http://www.ibm.com/support/docview.wss?uid=swg22015222 http://www.securitytracker.com/id/1041038 https://exchange.xforce.ibmcloud.com/vulnerabilities/140089 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1432
https://notcve.org/view.php?id=CVE-2018-1432
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking attack to conduct phishing, frame sniffing, social engineering or Cross-Site Request Forgery attacks. IBM X-Force ID: 139360. IBM InfoSphere Information Server 9.1, 11.3, 11.5 y 11.7 es vulnerable a Cross-Frame Scripting, que es una vulnerabilidad que permite que un atacante cargue componentes Information Server en una etiqueta iframe HTML en una página maliciosa. El atacante podría utilizar esta debilidad para idear un ataque de secuestro de clics para llevar a cabo ataques de phishing, frame sniffing, ingeniería social o Cross-Site Request Forgery (CSRF). • http://www.ibm.com/support/docview.wss?uid=swg22014911 http://www.securitytracker.com/id/1041039 https://exchange.xforce.ibmcloud.com/vulnerabilities/139360 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0250
https://notcve.org/view.php?id=CVE-2016-0250
XML external entity (XXE) vulnerability in IBM InfoSphere Information Governance Catalog 11.3 before 11.3.1.2 and 11.5 before 11.5.0.1 allows remote authenticated users to read arbitrary files or cause a denial of service via crafted XML data. IBM X-Force ID: 110510. Una vulnerabilidad XEE (XML External Entity) en IBM InfoSphere Information Governance Catalog, en versiones 11.3 anteriores a la 11.3.1.2 y en versiones 11.5 anteriores a la 11.5.0.1, permite a los usuarios autenticados remotos leer archivos arbitrarios o provocar una denegación de servicio (DoS) mediante datos XML manipulados. IBM X-Force ID: 110510. • http://www-01.ibm.com/support/docview.wss?uid=swg21977152 https://exchange.xforce.ibmcloud.com/vulnerabilities/110510 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-1469
https://notcve.org/view.php?id=CVE-2017-1469
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-Force ID: 128468. IBM InfoSphere Information Server 9.1, 11.3, y 11.5 podría permitir que un usuario local consiga privilegios elevados mediante la colocación de archivos arbitrarios en directorios de instalación. IBM X-Force ID: 128468. • http://www.ibm.com/support/docview.wss?uid=swg22006069 http://www.securityfocus.com/bid/100309 https://exchange.xforce.ibmcloud.com/vulnerabilities/128468 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0CVE-2017-1383 – IBM Infosphere Information Server / Datastage 11.5 Command Execution / Bypass
https://notcve.org/view.php?id=CVE-2017-1383
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 127155. Las versiones 9.1, 11.3 y 11.5 de IBM InfoSphere Information Server son vulnerables a ataques de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información sensible o consumir recursos de la memoria. • http://www.ibm.com/support/docview.wss?uid=swg22005803 https://exchange.xforce.ibmcloud.com/vulnerabilities/127155 • CWE-611: Improper Restriction of XML External Entity Reference •