CVE-2012-5938
https://notcve.org/view.php?id=CVE-2012-5938
The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to bypass intended access restrictions via standard filesystem operations. El proceso de instalación en IBM InfoSphere Information Server v8.1, v8.5, v8.7 y v9.1 sobre UNIX y Linux, establece permisos y propietarios incorrectamente, lo que permite a usuarios locales evitar las restricciones de acceso establecidas a través de de operaciones estándar con archivos. • http://www.ibm.com/support/docview.wss?uid=swg21628844 https://exchange.xforce.ibmcloud.com/vulnerabilities/80493 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-0700
https://notcve.org/view.php?id=CVE-2012-0700
The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly store credentials, which allows local users to bypass intended access restrictions via unspecified vectors. El cliente en InfoSphere FastTrack v8.1 hasta v8.7 en IBM InfoSphere Information Server v8.1, v8.5 anterior a FP3, y v8.7 no almacena correctamente las credenciales, lo que permite a usuarios locales eludir las restricciones de acceso mediante vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21623501 https://exchange.xforce.ibmcloud.com/vulnerabilities/73266 • CWE-255: Credentials Management Errors •
CVE-2012-4832
https://notcve.org/view.php?id=CVE-2012-4832
Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 and InfoSphere Business Glossary 8.1.1 and 8.1.2 does not have an off autocomplete attribute for the password field on the login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. Information Services Framework (ISF) en IBM InfoSphere Information Server v8.1, v8.5 anterior a FP3, y 8.7 y InfoSphere Business Glossary v8.1.1 y v8.1.2 no tiene un atributo de no autocompletar el campo de contraseña en la página de inicio de sesión, lo que hace que sea más fácil por atacantes remotos obtener acceso mediante el aprovechamiento de una estación de trabajo sin vigilancia. • http://www-01.ibm.com/support/docview.wss?uid=swg21623501 https://exchange.xforce.ibmcloud.com/vulnerabilities/78906 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2012-0702
https://notcve.org/view.php?id=CVE-2012-0702
Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly determine authorization, which allows remote authenticated users to gain privileges via unspecified vectors. Information Services Framework (ISF) en IBM InfoSphere Information Server v8.1, v8.5 anterior a FP3, no valida correctamente la autenticación, permitiendo a usuarios remotos autenticados ganar privilegios mediante vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21623501 https://exchange.xforce.ibmcloud.com/vulnerabilities/73287 • CWE-287: Improper Authentication •
CVE-2012-4819
https://notcve.org/view.php?id=CVE-2012-4819
Cross-site scripting (XSS) vulnerability in InfoSphere Business Glossary 8.1.1 and 8.1.2, InfoSphere DataStage Operation Console, InfoSphere Administration, and Reporting and Repository Management Web Console in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en InfoSphere Business Glossary v8.1.1 y v8.1.2, InfoSphere DataStage Operation Console, InfoSphere Administration, y Reporting y Repository Management Web Console en IBM InfoSphere Information Server v8.1, v8.5 anterior a FP3, y 8.7, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21623501 https://exchange.xforce.ibmcloud.com/vulnerabilities/78666 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •