Page 5 of 48 results (0.004 seconds)

CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0

IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM Rhapsody DM en sus versiones 5.0 y 6.0 podría permitir que un atacante remoto lleve a cabo ataques de phishing empleando un ataque de redirección abierta. Al persuadir a una víctima para que visite un sitio web especialmente manipulado, un atacante remoto podría explotar esta vulnerabilidad para suplantar la URL mostrada y redirigir al usuario a un sitio web malicioso que, a priori, parecería de confianza. • http://www.ibm.com/support/docview.wss?uid=swg22006052 https://exchange.xforce.ibmcloud.com/vulnerabilities/125148 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0

IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Rhapsody DM 5.0 y 6.0 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podría dar lugar a una revelación de credenciales en una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg22006052 https://exchange.xforce.ibmcloud.com/vulnerabilities/124629 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0

IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118912. IBM Rhapsody DM versiones 5.0 y 6.0, es vulnerable a ataques de tipo cross-site scripting. Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la Web UI, por lo tanto, alterar la funcionalidad deseada que podría conllevar a la revelación de credenciales dentro de una sesión confiable. • http://www.ibm.com/support/docview.wss?uid=swg22006052 http://www.securityfocus.com/bid/100124 https://exchange.xforce.ibmcloud.com/vulnerabilities/118912 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 118EXPL: 0

IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528. IBM Jazz Foundation podría permitir a un atacante autenticado obtener información confidencial de los rastreos de la pila de los mensajes de error. IBM X-Force ID: 119528. • http://www.ibm.com/support/docview.wss?uid=swg22005435 https://exchange.xforce.ibmcloud.com/vulnerabilities/119528 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.4EPSS: 0%CPEs: 102EXPL: 0

IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209. Jazz Foundation de IBM es vulnerable a un problema de tipo cross-site-scripting. Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, lo que altera la funcionalidad deseada que puede conllevar a la divulgación de credenciales dentro de una sesión de segura. • http://www.ibm.com/support/docview.wss?uid=swg22004534 http://www.securityfocus.com/bid/99060 https://exchange.xforce.ibmcloud.com/vulnerabilities/120209 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •