CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2011-3124
https://notcve.org/view.php?id=CVE-2011-3124
IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, assigns incorrect ownership to unspecified files, which allows local users to gain privileges via unknown vectors. IBM InfoSphere Information Server 8.5 y 8.5.0.1 en Unix y Linux, tal como se usa en IBM InfoSphere DataStage 8.5 y 8.5.0.1 y otros productos, asigna incorrectamente la propiedad de fiheros sin especificar, lo que permite a usuarios locales escalar privilegios a través de vectores desconocidos. • http://secunia.com/advisories/45036 http://www-01.ibm.com/support/docview.wss?uid=swg1JR39769 http://www.ibm.com/support/docview.wss?uid=swg21504279 http://www.ibm.com/support/docview.wss?uid=swg24030333 http://www.securityfocus.com/bid/48516 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2009-4240
https://notcve.org/view.php?id=CVE-2009-4240
Multiple buffer overflows in unspecified setuid executables in the DataStage subsystem in IBM InfoSphere Information Server 8.1 before FP1 have unknown impact and attack vectors. Múltiples desbordamientos de búfer en ejecutables setuid no especificados en el DataStage subsystem en IBM InfoSphere Information Server 8.1 en versiones anteriores a la FP1 tienen un impacto y vectores de ataque desconocidos. • http://secunia.com/advisories/37556 http://www-01.ibm.com/support/docview.wss?uid=swg1JR30394 http://www-01.ibm.com/support/docview.wss?uid=swg21406224 http://www.osvdb.org/60807 http://www.securityfocus.com/bid/37245 http://www.vupen.com/english/advisories/2009/3432 https://exchange.xforce.ibmcloud.com/vulnerabilities/54609 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2009-4239
https://notcve.org/view.php?id=CVE-2009-4239
Cross-site scripting (XSS) vulnerability in the Web console in IBM InfoSphere Information Server 8.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la consola Web en IBM InfoSphere Information Server 8.1 en versiones anteriores a la FP1, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores no especificados. • http://secunia.com/advisories/37556 http://www-01.ibm.com/support/docview.wss?uid=swg1JR32573 http://www-01.ibm.com/support/docview.wss?uid=swg21406224 http://www.osvdb.org/60806 http://www.securityfocus.com/bid/37246 http://www.vupen.com/english/advisories/2009/3432 https://exchange.xforce.ibmcloud.com/vulnerabilities/54608 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •