CVE-2013-3998
https://notcve.org/view.php?id=CVE-2013-3998
CRLF injection vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. • http://www-01.ibm.com/support/docview.wss?uid=swg21667812 https://exchange.xforce.ibmcloud.com/vulnerabilities/84987 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2013-3997
https://notcve.org/view.php?id=CVE-2013-3997
Open redirect vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. • http://www-01.ibm.com/support/docview.wss?uid=swg21667812 http://www.securityfocus.com/bid/66360 https://exchange.xforce.ibmcloud.com/vulnerabilities/84986 • CWE-20: Improper Input Validation
CVE-2013-3995
https://notcve.org/view.php?id=CVE-2013-3995
Cross-site scripting (XSS) vulnerability in IBM InfoSphere BigInsights 1.1 through 2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. • http://secunia.com/advisories/54447 http://www-01.ibm.com/support/docview.wss?uid=swg21645804 http://www.securityfocus.com/bid/61604 http://www.securitytracker.com/id/1028883 https://exchange.xforce.ibmcloud.com/vulnerabilities/84984 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-3996
https://notcve.org/view.php?id=CVE-2013-3996
IBM InfoSphere BigInsights 1.1 through 2.1 does not properly handle FRAME elements, which makes it easier for remote authenticated users to conduct phishing attacks via a crafted web site. • http://secunia.com/advisories/54447 http://www-01.ibm.com/support/docview.wss?uid=swg21645804 http://www.securityfocus.com/bid/61604 http://www.securitytracker.com/id/1028883 https://exchange.xforce.ibmcloud.com/vulnerabilities/84985 • CWE-20: Improper Input Validation
CVE-2013-3992
https://notcve.org/view.php?id=CVE-2013-3992
Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere BigInsights 2.0 through 2.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. • http://osvdb.org/95943 http://secunia.com/advisories/54447 http://www-01.ibm.com/support/docview.wss?uid=swg21645804 http://www.securityfocus.com/bid/61604 http://www.securitytracker.com/id/1028883 https://exchange.xforce.ibmcloud.com/vulnerabilities/84981 • CWE-352: Cross-Site Request Forgery (CSRF)