CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35022 – IBM InfoSphere Information Server improper authentication
https://notcve.org/view.php?id=CVE-2023-35022
IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: 258254. IBM InfoSphere Information Server 11.7 podría permitir a un usuario local actualizar proyectos a los que no tiene autorización para acceder. ID de IBM X-Force: 258254. • https://exchange.xforce.ibmcloud.com/vulnerabilities/258254 https://www.ibm.com/support/pages/node/7158447 • CWE-285: Improper Authorization •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28795 – IBM InfoSphere Information Server cross-site scripting
https://notcve.org/view.php?id=CVE-2024-28795
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286832. IBM InfoSphere Information Server 11.7 es vulnerable a cross site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/286832 https://www.ibm.com/support/pages/node/7158408 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22352 – IBM InfoSphere Information Server information disclosure
https://notcve.org/view.php?id=CVE-2024-22352
IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 280361. IBM InfoSphere Information Server 11.7 almacena información potencialmente confidencial en archivos de registro que un usuario local podría leer. ID de IBM X-Force: 280361. • https://exchange.xforce.ibmcloud.com/vulnerabilities/280361 https://www.ibm.com/support/pages/node/7117184 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50303 – IBM InfoSphere Information Server cross-site scripting
https://notcve.org/view.php?id=CVE-2023-50303
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 273333. IBM InfoSphere Information Server 11.7 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/273333 https://www.ibm.com/support/pages/node/7116120 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50955 – IBM InfoSphere Information Server information disclosure
https://notcve.org/view.php?id=CVE-2023-50955
IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. IBM X-Force ID: 275777. IBM InfoSphere Information Server 11.7 podría permitir que un usuario privilegiado autenticado obtenga la ruta absoluta de la instalación del servidor web, lo que podría ayudar en futuros ataques contra el sistema. ID de IBM X-Force: 275777. • https://exchange.xforce.ibmcloud.com/vulnerabilities/275777 https://www.ibm.com/support/pages/node/7116610 • CWE-36: Absolute Path Traversal •