Page 33 of 178 results (0.005 seconds)

CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server 8.1, 8.5 through FP3, 8.7 through FP2, and 9.1 allows remote attackers to inject arbitrary web script or HTML via a malformed URL. Vulnerabilidad XSS en IBM InfoSphere Information Server 8.1, 8.5 a la FP3, 8.7 a la FP2, y 9.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una URL mal formada. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR45274 http://www-01.ibm.com/support/docview.wss?uid=swg21632556 https://exchange.xforce.ibmcloud.com/vulnerabilities/82233 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0

The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to bypass intended access restrictions via standard filesystem operations. El proceso de instalación en IBM InfoSphere Information Server v8.1, v8.5, v8.7 y v9.1 sobre UNIX y Linux, establece permisos y propietarios incorrectamente, lo que permite a usuarios locales evitar las restricciones de acceso establecidas a través de de operaciones estándar con archivos. • http://www.ibm.com/support/docview.wss?uid=swg21628844 https://exchange.xforce.ibmcloud.com/vulnerabilities/80493 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 3.5EPSS: 0%CPEs: 5EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 and 10.1 before FP1 and InfoSphere Master Data Management Server for Product Information Management 6.0, 9.0, and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Cross-site scripting (XSS) en IBM InfoSphere Master Data Management - Collaborative Edition v10.0 y v10.1 antes de FP1 y Iter Data Management Server for Product Information Management v6.0, v9.0, y v9.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21624952 https://exchange.xforce.ibmcloud.com/vulnerabilities/81482 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 and 10.1 before FP1 and InfoSphere Master Data Management Server for Product Information Management 6.0, 9.0, and 9.1 allow remote authenticated users to inject content, and conduct phishing attacks, via unspecified vectors. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en IBM InfoSphere Master Data Management - Collaborative Edition v10.0 y v10.1 antes de FP1 y InfoSphere Master Server Gestión de Datos de Información de Gestión de Productos v6.0, v9.0, v9.1 y permitir a usuarios remotos autenticados inyectar contenido, y llevar a cabo ataques de phising, a través de vectores sin especificar. • http://www-01.ibm.com/support/docview.wss?uid=swg21624952 https://exchange.xforce.ibmcloud.com/vulnerabilities/81481 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 1.9EPSS: 0%CPEs: 10EXPL: 0

The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly store credentials, which allows local users to bypass intended access restrictions via unspecified vectors. El cliente en InfoSphere FastTrack v8.1 hasta v8.7 en IBM InfoSphere Information Server v8.1, v8.5 anterior a FP3, y v8.7 no almacena correctamente las credenciales, lo que permite a usuarios locales eludir las restricciones de acceso mediante vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21623501 https://exchange.xforce.ibmcloud.com/vulnerabilities/73266 • CWE-255: Credentials Management Errors •