CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-1906
https://notcve.org/view.php?id=CVE-2018-1906
IBM InfoSphere Information Server 11.3, 11.5, and 11.7could allow an authenticated user to download code using a specially crafted HTTP request. IBM X-Force ID: 152663. IBM InfoSphere Information Server 11.3, 11.5 y 11.7 podría permitir que un usuario autenticado descargue código utilizando una petición HTTP especialmente manipulada. IBM X-Force ID: 152663. • http://www.securityfocus.com/bid/107735 https://exchange.xforce.ibmcloud.com/vulnerabilities/152663 https://www.ibm.com/support/docview.wss?uid=ibm10872320 •
CVSS: 7.4EPSS: 0%CPEs: 5EXPL: 0CVE-2018-1875
https://notcve.org/view.php?id=CVE-2018-1875
IBM InfoSphere Information Governance Catalog 11.3, 11.5, and 11.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 151639. IBM InfoSphere Information Governance Catalog, en sus versiones 11.3, 11.5 y 11.7, podría permitir a un atacante remoto realizar ataques de phishing utilizando un ataque de redirección abierta. • http://www.ibm.com/support/docview.wss?uid=ibm10738911 https://exchange.xforce.ibmcloud.com/vulnerabilities/151639 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2018-1899
https://notcve.org/view.php?id=CVE-2018-1899
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an attacker to change one of the settings related to InfoSphere Business Glossary Anywhere due to improper access control. IBM X-Force ID: 152528. IBM InfoSphere Information Server, en sus versiones 11.3, 11.5 y 11.7, podría permitir a un atacante modificar uno de los ajustes relacionados con InfoSphere Business Glossary Anywhere debido a un control de acceso incorrecto. IBM X-Force ID: 152528. • http://www.ibm.com/support/docview.wss?uid=ibm10744029 https://exchange.xforce.ibmcloud.com/vulnerabilities/152528 •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1701
https://notcve.org/view.php?id=CVE-2018-1701
IBM InfoSphere Information Server 11.7 could allow an authenciated user under specialized conditions to inject commands into the installation process that would execute on the WebSphere Application Server. IBM X-Force ID: 145970. IBM InfoSphere Information Server 11.7 podría permitir que un usuario autenticado en condiciones especializadas inyecte comandos en el proceso de instalación que se ejecutarían en WebSphere Application Server. IBM X-Force ID: 145970. • https://exchange.xforce.ibmcloud.com/vulnerabilities/145970 https://www.ibm.com/support/docview.wss?uid=ibm10730555 •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2018-1895
https://notcve.org/view.php?id=CVE-2018-1895
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152159. IBM InfoSphere Information Server 11.3, 11.5 y 11.7 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=ibm10744013 https://exchange.xforce.ibmcloud.com/vulnerabilities/152159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •