CVE-2012-0702
https://notcve.org/view.php?id=CVE-2012-0702
Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly determine authorization, which allows remote authenticated users to gain privileges via unspecified vectors. Information Services Framework (ISF) en IBM InfoSphere Information Server v8.1, v8.5 anterior a FP3, no valida correctamente la autenticación, permitiendo a usuarios remotos autenticados ganar privilegios mediante vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21623501 https://exchange.xforce.ibmcloud.com/vulnerabilities/73287 • CWE-287: Improper Authentication •
CVE-2009-4240
https://notcve.org/view.php?id=CVE-2009-4240
Multiple buffer overflows in unspecified setuid executables in the DataStage subsystem in IBM InfoSphere Information Server 8.1 before FP1 have unknown impact and attack vectors. Múltiples desbordamientos de búfer en ejecutables setuid no especificados en el DataStage subsystem en IBM InfoSphere Information Server 8.1 en versiones anteriores a la FP1 tienen un impacto y vectores de ataque desconocidos. • http://secunia.com/advisories/37556 http://www-01.ibm.com/support/docview.wss?uid=swg1JR30394 http://www-01.ibm.com/support/docview.wss?uid=swg21406224 http://www.osvdb.org/60807 http://www.securityfocus.com/bid/37245 http://www.vupen.com/english/advisories/2009/3432 https://exchange.xforce.ibmcloud.com/vulnerabilities/54609 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-4239
https://notcve.org/view.php?id=CVE-2009-4239
Cross-site scripting (XSS) vulnerability in the Web console in IBM InfoSphere Information Server 8.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la consola Web en IBM InfoSphere Information Server 8.1 en versiones anteriores a la FP1, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores no especificados. • http://secunia.com/advisories/37556 http://www-01.ibm.com/support/docview.wss?uid=swg1JR32573 http://www-01.ibm.com/support/docview.wss?uid=swg21406224 http://www.osvdb.org/60806 http://www.securityfocus.com/bid/37246 http://www.vupen.com/english/advisories/2009/3432 https://exchange.xforce.ibmcloud.com/vulnerabilities/54608 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •