Page 4 of 44 results (0.008 seconds)

CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 140089. IBM InfoSphere Information Server 11.3, 11.5 y 11.7 podría permitir que un atacante remoto obtenga información sensible, provocado por la imposibilidad de habilitar correctamente HTTP Strict Transport Security. Un atacante podría explotar esta vulnerabilidad para obtener información sensible empleando técnicas man-in-the-Middle (MitM). • http://www.ibm.com/support/docview.wss?uid=swg22015222 http://www.securitytracker.com/id/1041038 https://exchange.xforce.ibmcloud.com/vulnerabilities/140089 • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0

IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking attack to conduct phishing, frame sniffing, social engineering or Cross-Site Request Forgery attacks. IBM X-Force ID: 139360. IBM InfoSphere Information Server 9.1, 11.3, 11.5 y 11.7 es vulnerable a Cross-Frame Scripting, que es una vulnerabilidad que permite que un atacante cargue componentes Information Server en una etiqueta iframe HTML en una página maliciosa. El atacante podría utilizar esta debilidad para idear un ataque de secuestro de clics para llevar a cabo ataques de phishing, frame sniffing, ingeniería social o Cross-Site Request Forgery (CSRF). • http://www.ibm.com/support/docview.wss?uid=swg22014911 http://www.securitytracker.com/id/1041039 https://exchange.xforce.ibmcloud.com/vulnerabilities/139360 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0

IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allow a user to escalate their privileges to administrator due to improper access controls. IBM X-Force ID: 126526. IBM InfoSphere Information Server 9.1, 11.3, 11.5 y 11.7 podría permitir que un usuario escale sus privilegios a administrador debido a controles de acceso incorrectos. IBM X-Force ID: 126526. • http://www.ibm.com/support/docview.wss?uid=swg22005503 http://www.securityfocus.com/bid/104550 http://www.securitytracker.com/id/1041042 https://exchange.xforce.ibmcloud.com/vulnerabilities/126526 •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

XML external entity (XXE) vulnerability in IBM InfoSphere Information Governance Catalog 11.3 before 11.3.1.2 and 11.5 before 11.5.0.1 allows remote authenticated users to read arbitrary files or cause a denial of service via crafted XML data. IBM X-Force ID: 110510. Una vulnerabilidad XEE (XML External Entity) en IBM InfoSphere Information Governance Catalog, en versiones 11.3 anteriores a la 11.3.1.2 y en versiones 11.5 anteriores a la 11.5.0.1, permite a los usuarios autenticados remotos leer archivos arbitrarios o provocar una denegación de servicio (DoS) mediante datos XML manipulados. IBM X-Force ID: 110510. • http://www-01.ibm.com/support/docview.wss?uid=swg21977152 https://exchange.xforce.ibmcloud.com/vulnerabilities/110510 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-Force ID: 128468. IBM InfoSphere Information Server 9.1, 11.3, y 11.5 podría permitir que un usuario local consiga privilegios elevados mediante la colocación de archivos arbitrarios en directorios de instalación. IBM X-Force ID: 128468. • http://www.ibm.com/support/docview.wss?uid=swg22006069 http://www.securityfocus.com/bid/100309 https://exchange.xforce.ibmcloud.com/vulnerabilities/128468 • CWE-94: Improper Control of Generation of Code ('Code Injection') •