CVE-2013-4056
https://notcve.org/view.php?id=CVE-2013-4056
Cross-site request forgery (CSRF) vulnerability in the Data Quality Console and Information Analyzer components in IBM InfoSphere Information Server 8.7 through FP2 and 9.1 through 9.1.2.0 allows remote attackers to hijack the authentication of arbitrary users. Vulnerabilidad de CSRF en componentes Data Quality Console e Information Analyzer de IBM InfoSphere Information Server 8.7 hasta FP2 y 9.1 hasta la versión 9.1.2.0 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios. • http://www-01.ibm.com/support/docview.wss?uid=swg21652413 https://exchange.xforce.ibmcloud.com/vulnerabilities/86545 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2013-4066
https://notcve.org/view.php?id=CVE-2013-4066
IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to conduct clickjacking attacks by creating an overlay interface on top of the Web Console interface. IBM InfoSphere Information Server v8.0, v8.1, v8.5 hasta FP3, v8.7, y v9.1 permite a atacantes remotos llevar a cabo ataques de phising mediante la creación de un interfaz superpuesto en el interfaz de la consola web. • http://www.ibm.com/support/docview.wss?uid=swg21651343 http://www.securityfocus.com/bid/62767 https://exchange.xforce.ibmcloud.com/vulnerabilities/86597 • CWE-20: Improper Input Validation •
CVE-2013-4067
https://notcve.org/view.php?id=CVE-2013-4067
IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to hijack sessions and read cookie values, or conduct phishing attacks to capture credentials, via unspecified vectors. IBM InfoSphere Information Server v8.0, v8.1, v8.5 hasta FP3, v8.7 y v9.1 permite a atacantes remotos secuestrar sesiones y leer valores de cookies, o llevar a acabo ataques de phising para capturar credenciales a través de vectores no especificados. • http://www.ibm.com/support/docview.wss?uid=swg21651343 http://www.securityfocus.com/bid/62768 https://exchange.xforce.ibmcloud.com/vulnerabilities/86598 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-3040
https://notcve.org/view.php?id=CVE-2013-3040
IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 produces login-failure messages indicating whether the username or password is incorrect, which allows remote attackers to enumerate user accounts via a brute-force attack. IBM InfoSphere Information Server hasta v8.5 FP3, v8.7 hasta FP2, y 9.1 produce mensajes de fallo de inicio de sesión e indica si el nombre de usuario o la contraseña es incorrecta, lo que permite a atacantes remotos para enumerar las cuentas de usuario a través de un ataque de fuerza bruta. • http://www-01.ibm.com/support/docview.wss?uid=swg21646136 http://www.securityfocus.com/bid/61755 https://exchange.xforce.ibmcloud.com/vulnerabilities/84765 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-3034
https://notcve.org/view.php?id=CVE-2013-3034
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the web console. Vulnerabilidad Cross-site scripting (XSS) en IBM InfoSphere Information Server hasta v8.5 FP3, v8.7 hasta FP2, y v9.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través de vectores relacionados con la consola web. • http://www-01.ibm.com/support/docview.wss?uid=swg21646136 http://www.securityfocus.com/bid/61757 https://exchange.xforce.ibmcloud.com/vulnerabilities/84646 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •