CVE-2015-4958
https://notcve.org/view.php?id=CVE-2015-4958
IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 does not properly restrict browser caching, which allows local users to obtain sensitive information by reading cache files. IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 en versiones anteriores a 11.0.0.0 IF11, 11.3 en versiones anteriores a 11.3.0.0 IF7 y 11.4 en versiones anteriores a 11.4.0.4 IF1 no restringe adecuadamente el almacenamiento en caché del navegador, lo que permite a usuarios locales obtener información sensible mediante la lectura de archivos de caché. • http://www-01.ibm.com/support/docview.wss?uid=swg21971545 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-7414
https://notcve.org/view.php?id=CVE-2015-7414
Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en el componente GDS en IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 en versiones anteriores a 11.0.0.0 IF11, 11.3 en versiones anteriores a 11.3.0.0 IF7 y 11.4 en versiones anteriores a 11.4.0.4 IF1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21971545 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-1980
https://notcve.org/view.php?id=CVE-2015-1980
IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. Vulnerabilidad en IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3 y 11.4 anterior a FP03 permite a usuarios remotos autenticados llevar a cabo ataques de clickjacking a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21960244 http://www.securityfocus.com/bid/75143 • CWE-20: Improper Input Validation •
CVE-2015-1982
https://notcve.org/view.php?id=CVE-2015-1982
IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to obtain sensitive information via a crafted request, which reveals the full path in an error message. Vulnerabilidad en IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3 y 11.4 anterior a FP03 permite a usuarios remotos autenticados obtener información sensible a través de una solicitud manipulada, la cual revela la ruta completa en un mensaje de error. • http://www-01.ibm.com/support/docview.wss?uid=swg21960244 http://www.securityfocus.com/bid/75477 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-1968
https://notcve.org/view.php?id=CVE-2015-1968
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3 y 11.4 anterior a FP03, permite a usuarios remotos autenticados inyectar secuencias de comandos o HTML arbitrario a traves de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21960244 http://www.securityfocus.com/bid/75476 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •