CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2017-1309
https://notcve.org/view.php?id=CVE-2017-1309
IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 125463. IBM InfoSphere Master Data Management Server versión 11.0 hasta 11.6, almacena las credenciales de usuario en texto plano y sin cifrar que puede ser leído por un usuario local. ID de IBM X-Force: 125463. • http://www.ibm.com/support/docview.wss?uid=swg22005437 http://www.securityfocus.com/bid/99872 https://exchange.xforce.ibmcloud.com/vulnerabilities/125463 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2015-7492
https://notcve.org/view.php?id=CVE-2015-7492
Cross-site scripting (XSS) vulnerability in Reference Data Management (RDM) in IBM InfoSphere Master Data Management 10.1, 11.0 before FP5, 11.3, 11.4, and 11.5 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en Reference Data Management (RDM) en IBM InfoSphere Master Data Management 10.1, 11.0 en versiones anteriores a FP5, 11.3, 11.4 y 11.5 en versiones anteriores a FP1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21974981 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.1EPSS: 0%CPEs: 5EXPL: 0CVE-2015-4960
https://notcve.org/view.php?id=CVE-2015-4960
IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 allows remote authenticated users to conduct clickjacking attacks via a crafted web site. IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 en versiones anteriores a 11.0.0.0 IF11, 11.3 en versiones anteriores a 11.3.0.0 IF7 y 11.4 en versiones anteriores a 11.4.0.4 IF1 permite a usuarios remotos autenticados llevar a cabo ataques de secuestro de clic a través de un sitio web manipulado. • http://www-01.ibm.com/support/docview.wss?uid=swg21971545 • CWE-254: 7PK - Security Features •
CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0CVE-2015-4958
https://notcve.org/view.php?id=CVE-2015-4958
IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 does not properly restrict browser caching, which allows local users to obtain sensitive information by reading cache files. IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 en versiones anteriores a 11.0.0.0 IF11, 11.3 en versiones anteriores a 11.3.0.0 IF7 y 11.4 en versiones anteriores a 11.4.0.4 IF1 no restringe adecuadamente el almacenamiento en caché del navegador, lo que permite a usuarios locales obtener información sensible mediante la lectura de archivos de caché. • http://www-01.ibm.com/support/docview.wss?uid=swg21971545 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2015-7414
https://notcve.org/view.php?id=CVE-2015-7414
Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en el componente GDS en IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 en versiones anteriores a 11.0.0.0 IF11, 11.3 en versiones anteriores a 11.3.0.0 IF7 y 11.4 en versiones anteriores a 11.4.0.4 IF1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21971545 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •