Page 32 of 178 results (0.013 seconds)

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0

IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to conduct clickjacking attacks by creating an overlay interface on top of the Web Console interface. IBM InfoSphere Information Server v8.0, v8.1, v8.5 hasta FP3, v8.7, y v9.1 permite a atacantes remotos llevar a cabo ataques de phising mediante la creación de un interfaz superpuesto en el interfaz de la consola web. • http://www.ibm.com/support/docview.wss?uid=swg21651343 http://www.securityfocus.com/bid/62767 https://exchange.xforce.ibmcloud.com/vulnerabilities/86597 • CWE-20: Improper Input Validation •

CVSS: 5.8EPSS: 0%CPEs: 8EXPL: 0

IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to hijack sessions and read cookie values, or conduct phishing attacks to capture credentials, via unspecified vectors. IBM InfoSphere Information Server v8.0, v8.1, v8.5 hasta FP3, v8.7 y v9.1 permite a atacantes remotos secuestrar sesiones y leer valores de cookies, o llevar a acabo ataques de phising para capturar credenciales a través de vectores no especificados. • http://www.ibm.com/support/docview.wss?uid=swg21651343 http://www.securityfocus.com/bid/62768 https://exchange.xforce.ibmcloud.com/vulnerabilities/86598 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0

IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 produces login-failure messages indicating whether the username or password is incorrect, which allows remote attackers to enumerate user accounts via a brute-force attack. IBM InfoSphere Information Server hasta v8.5 FP3, v8.7 hasta FP2, y 9.1 produce mensajes de fallo de inicio de sesión e indica si el nombre de usuario o la contraseña es incorrecta, lo que permite a atacantes remotos para enumerar las cuentas de usuario a través de un ataque de fuerza bruta. • http://www-01.ibm.com/support/docview.wss?uid=swg21646136 http://www.securityfocus.com/bid/61755 https://exchange.xforce.ibmcloud.com/vulnerabilities/84765 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the web console. Vulnerabilidad Cross-site scripting (XSS) en IBM InfoSphere Information Server hasta v8.5 FP3, v8.7 hasta FP2, y v9.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través de vectores relacionados con la consola web. • http://www-01.ibm.com/support/docview.wss?uid=swg21646136 http://www.securityfocus.com/bid/61757 https://exchange.xforce.ibmcloud.com/vulnerabilities/84646 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to the (1) web console and (2) repository management user interfaces. Múltiples vulnerabilidades de cross-site scripting (XSS) en IBM InfoSphere Information Server hasta v8.5 FP3, v8.7 hasta FP2, y 9.1 permiten a los usuarios autenticados remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con los interfaces de usuario (1) “web console” y (2) “repository management”. • http://www-01.ibm.com/support/docview.wss?uid=swg21646136 https://exchange.xforce.ibmcloud.com/vulnerabilities/83356 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •