CVE-2018-1518
https://notcve.org/view.php?id=CVE-2018-1518
IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that could allow a local user to obtain highly sensitive information. IBM X-Force ID: 141682. IBM InfoSphere Information Server 11.7 se ha visto afectado por una vulnerabilidad de cifrado débil de contraseñas que podría permitir que un usuario local obtenga información altamente sensible. IBM X-Force ID: 141682. • https://exchange.xforce.ibmcloud.com/vulnerabilities/141682 https://www.ibm.com/support/docview.wss?uid=swg22017446 • CWE-326: Inadequate Encryption Strength •
CVE-2017-1321
https://notcve.org/view.php?id=CVE-2017-1321
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125916. IBM InfoSphere Information Server versión 9.1,versión 11.3 y versión 11.5 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los usuarios insertar un código JavaScript arbitrario en la interfaz del usuario web, por lo tanto, alterar la funcionalidad deseada que podría conducir a la divulgación de credenciales dentro de una sesión segura. • http://www.ibm.com/support/docview.wss?uid=swg22004729 http://www.securityfocus.com/bid/99537 https://exchange.xforce.ibmcloud.com/vulnerabilities/125916 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-9000
https://notcve.org/view.php?id=CVE-2016-9000
IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to conduct clickjacking or other client-side browser attacks. IBM InfoSphere DataStage es vulnerable a las secuencias de comandos de trama cruzada, provocadas por la insuficiente protección HTML de iframe. Un atacante remoto podría explotar esta vulnerabilidad utilizando una URL manipulada para navegar a una página web que controla el atacante. • http://www.ibm.com/support/docview.wss?uid=swg21995257 http://www.securityfocus.com/bid/95324 http://www.securitytracker.com/id/1037564 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-8999
https://notcve.org/view.php?id=CVE-2016-8999
IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability that allows attackers to render a page in quirks mode thereby facilitating an attacker to inject malicious CSS. IBM InfoSphere Information Server contiene una vulnerabilidad de importación a la hoja de estilo relativa a la ruta que permite a atacantes procesar una página en modo qirks, lo que facilita a un atacante inyectar CSS malicioso. • http://www.ibm.com/support/docview.wss?uid=swg21995155 http://www.securityfocus.com/bid/95325 http://www.securitytracker.com/id/1037563 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-5984
https://notcve.org/view.php?id=CVE-2016-5984
IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to conduct clickjacking or other client-side browser attacks. IBM InfoSphere Information Server es vulnerable a las secuencias de marco cruzados, causadas por una protección iframe HTML insuficiente. Un atacante remoto podría explotar esta vulnerabilidad utilizando una URL especialmente manipulada para navegar a una página web que controla el atacante. • http://www.ibm.com/support/docview.wss?uid=swg21991682 http://www.securityfocus.com/bid/95106 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •