Page 4 of 33 results (0.007 seconds)

CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the web console. Vulnerabilidad Cross-site scripting (XSS) en IBM InfoSphere Information Server hasta v8.5 FP3, v8.7 hasta FP2, y v9.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través de vectores relacionados con la consola web. • http://www-01.ibm.com/support/docview.wss?uid=swg21646136 http://www.securityfocus.com/bid/61757 https://exchange.xforce.ibmcloud.com/vulnerabilities/84646 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to the (1) web console and (2) repository management user interfaces. Múltiples vulnerabilidades de cross-site scripting (XSS) en IBM InfoSphere Information Server hasta v8.5 FP3, v8.7 hasta FP2, y 9.1 permiten a los usuarios autenticados remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con los interfaces de usuario (1) “web console” y (2) “repository management”. • http://www-01.ibm.com/support/docview.wss?uid=swg21646136 https://exchange.xforce.ibmcloud.com/vulnerabilities/83356 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server 8.1, 8.5 through FP3, 8.7 through FP2, and 9.1 allows remote attackers to inject arbitrary web script or HTML via a malformed URL. Vulnerabilidad XSS en IBM InfoSphere Information Server 8.1, 8.5 a la FP3, 8.7 a la FP2, y 9.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una URL mal formada. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR45274 http://www-01.ibm.com/support/docview.wss?uid=swg21632556 https://exchange.xforce.ibmcloud.com/vulnerabilities/82233 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0

The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to bypass intended access restrictions via standard filesystem operations. El proceso de instalación en IBM InfoSphere Information Server v8.1, v8.5, v8.7 y v9.1 sobre UNIX y Linux, establece permisos y propietarios incorrectamente, lo que permite a usuarios locales evitar las restricciones de acceso establecidas a través de de operaciones estándar con archivos. • http://www.ibm.com/support/docview.wss?uid=swg21628844 https://exchange.xforce.ibmcloud.com/vulnerabilities/80493 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 1.9EPSS: 0%CPEs: 10EXPL: 0

The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly store credentials, which allows local users to bypass intended access restrictions via unspecified vectors. El cliente en InfoSphere FastTrack v8.1 hasta v8.7 en IBM InfoSphere Information Server v8.1, v8.5 anterior a FP3, y v8.7 no almacena correctamente las credenciales, lo que permite a usuarios locales eludir las restricciones de acceso mediante vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21623501 https://exchange.xforce.ibmcloud.com/vulnerabilities/73266 • CWE-255: Credentials Management Errors •