Page 4 of 39 results (0.009 seconds)

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

IBM InfoSphere Information Server 11.3, 11.5, and 11.7could allow an authenticated user to download code using a specially crafted HTTP request. IBM X-Force ID: 152663. IBM InfoSphere Information Server 11.3, 11.5 y 11.7 podría permitir que un usuario autenticado descargue código utilizando una petición HTTP especialmente manipulada. IBM X-Force ID: 152663. • http://www.securityfocus.com/bid/107735 https://exchange.xforce.ibmcloud.com/vulnerabilities/152663 https://www.ibm.com/support/docview.wss?uid=ibm10872320 •

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an attacker to change one of the settings related to InfoSphere Business Glossary Anywhere due to improper access control. IBM X-Force ID: 152528. IBM InfoSphere Information Server, en sus versiones 11.3, 11.5 y 11.7, podría permitir a un atacante modificar uno de los ajustes relacionados con InfoSphere Business Glossary Anywhere debido a un control de acceso incorrecto. IBM X-Force ID: 152528. • http://www.ibm.com/support/docview.wss?uid=ibm10744029 https://exchange.xforce.ibmcloud.com/vulnerabilities/152528 •

CVSS: 7.4EPSS: 0%CPEs: 5EXPL: 0

IBM InfoSphere Information Governance Catalog 11.3, 11.5, and 11.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 151639. IBM InfoSphere Information Governance Catalog, en sus versiones 11.3, 11.5 y 11.7, podría permitir a un atacante remoto realizar ataques de phishing utilizando un ataque de redirección abierta. • http://www.ibm.com/support/docview.wss?uid=ibm10738911 https://exchange.xforce.ibmcloud.com/vulnerabilities/151639 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0

IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147630. Las versiones 9.1, 11.3, 11.5 y 11.7 de IBM InfoSphere Information Server son vulnerables a ataques de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información sensible o consumir recursos de la memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/147630 https://www.ibm.com/support/docview.wss?uid=ibm10718887 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152159. IBM InfoSphere Information Server 11.3, 11.5 y 11.7 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=ibm10744013 https://exchange.xforce.ibmcloud.com/vulnerabilities/152159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •