Page 3 of 23 results (0.033 seconds)

CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0

The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to bypass intended access restrictions via standard filesystem operations. El proceso de instalación en IBM InfoSphere Information Server v8.1, v8.5, v8.7 y v9.1 sobre UNIX y Linux, establece permisos y propietarios incorrectamente, lo que permite a usuarios locales evitar las restricciones de acceso establecidas a través de de operaciones estándar con archivos. • http://www.ibm.com/support/docview.wss?uid=swg21628844 https://exchange.xforce.ibmcloud.com/vulnerabilities/80493 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 1.9EPSS: 0%CPEs: 10EXPL: 0

The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly store credentials, which allows local users to bypass intended access restrictions via unspecified vectors. El cliente en InfoSphere FastTrack v8.1 hasta v8.7 en IBM InfoSphere Information Server v8.1, v8.5 anterior a FP3, y v8.7 no almacena correctamente las credenciales, lo que permite a usuarios locales eludir las restricciones de acceso mediante vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21623501 https://exchange.xforce.ibmcloud.com/vulnerabilities/73266 • CWE-255: Credentials Management Errors •

CVSS: 1.9EPSS: 0%CPEs: 7EXPL: 0

Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 and InfoSphere Business Glossary 8.1.1 and 8.1.2 does not have an off autocomplete attribute for the password field on the login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. Information Services Framework (ISF) en IBM InfoSphere Information Server v8.1, v8.5 anterior a FP3, y 8.7 y InfoSphere Business Glossary v8.1.1 y v8.1.2 no tiene un atributo de no autocompletar el campo de contraseña en la página de inicio de sesión, lo que hace que sea más fácil por atacantes remotos obtener acceso mediante el aprovechamiento de una estación de trabajo sin vigilancia. • http://www-01.ibm.com/support/docview.wss?uid=swg21623501 https://exchange.xforce.ibmcloud.com/vulnerabilities/78906 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.0EPSS: 0%CPEs: 6EXPL: 0

Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly determine authorization, which allows remote authenticated users to gain privileges via unspecified vectors. Information Services Framework (ISF) en IBM InfoSphere Information Server v8.1, v8.5 anterior a FP3, no valida correctamente la autenticación, permitiendo a usuarios remotos autenticados ganar privilegios mediante vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21623501 https://exchange.xforce.ibmcloud.com/vulnerabilities/73287 • CWE-287: Improper Authentication •

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0

Cross-site scripting (XSS) vulnerability in InfoSphere Business Glossary 8.1.1 and 8.1.2, InfoSphere DataStage Operation Console, InfoSphere Administration, and Reporting and Repository Management Web Console in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en InfoSphere Business Glossary v8.1.1 y v8.1.2, InfoSphere DataStage Operation Console, InfoSphere Administration, y Reporting y Repository Management Web Console en IBM InfoSphere Information Server v8.1, v8.5 anterior a FP3, y 8.7, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21623501 https://exchange.xforce.ibmcloud.com/vulnerabilities/78666 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •