Page 4 of 25 results (0.008 seconds)

CVSS: 3.5EPSS: 0%CPEs: 5EXPL: 0

IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. Vulnerabilidad en IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3 y 11.4 anterior a FP03 permite a usuarios remotos autenticados llevar a cabo ataques de clickjacking a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21960244 http://www.securityfocus.com/bid/75143 • CWE-20: Improper Input Validation •

CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0

IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to obtain sensitive information via a crafted request, which reveals the full path in an error message. Vulnerabilidad en IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3 y 11.4 anterior a FP03 permite a usuarios remotos autenticados obtener información sensible a través de una solicitud manipulada, la cual revela la ruta completa en un mensaje de error. • http://www-01.ibm.com/support/docview.wss?uid=swg21960244 http://www.securityfocus.com/bid/75477 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 3.5EPSS: 0%CPEs: 5EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3 y 11.4 anterior a FP03, permite a usuarios remotos autenticados inyectar secuencias de comandos o HTML arbitrario a traves de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21960244 http://www.securityfocus.com/bid/75476 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0

IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to bypass intended access restrictions and read arbitrary profiles via unspecified vectors, as demonstrated by discovering usernames for use in brute-force attacks. Vulnerabilidad en IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3 y 11.4 anterior a FP03 permite a usuarios remotos autenticados eludir las restricciones de acceso previstos y leer perfiles arbitrarios a través de vectores no especificados, como lo demuestra el descubrimiento de nombre de usuario para su uso en ataques de fuerza bruta. • http://www-01.ibm.com/support/docview.wss?uid=swg21960244 http://www.securityfocus.com/bid/75474 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

Unspecified vulnerability in the Reference Data Management component in IBM InfoSphere Master Data Management 10.1, 11.0, 11.3 before FP3, and 11.4 allows remote authenticated users to gain privileges via unknown vectors. Vulnerabilidad no especificada en el componente Reference Data Management en IBM InfoSphere Master Data Management 10.1, 11.0, 11.3 anterior a FP3, y 11.4 permite a usuarios remotos autenticados ganar privilegios a través de vectores desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg21957776 http://www.securityfocus.com/bid/74929 •