CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38948
https://notcve.org/view.php?id=CVE-2021-38948
02 Nov 2021 — IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 211402. IBM InfoSphere Information Server versión 11.7 es vulnerable a un ataque de tipo XML External Entity Injection (XXE) cuando se procesan datos XML. Un atacante remoto podría aprovechar esta vulnerabilidad para exponer información confidencial o cons... • https://exchange.xforce.ibmcloud.com/vulnerabilities/211402 • CWE-91: XML Injection (aka Blind XPath Injection) •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29888
https://notcve.org/view.php?id=CVE-2021-29888
02 Nov 2021 — IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 207123. IBM InfoSphere Information Server versión 11.7 es vulnerable a un ataque de tipo cross-site request forgery, que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía. IBM X-Force ID: 207123 • https://exchange.xforce.ibmcloud.com/vulnerabilities/207123 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29875
https://notcve.org/view.php?id=CVE-2021-29875
02 Nov 2021 — IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information due to a insecure third party domain access vulnerability. IBM X-Force ID: 206572. IBM InfoSphere Information Server versión 11.7, podría permitir a un atacante conseguir información confidencial debido a una vulnerabilidad de acceso a dominios de terceros no seguros. IBM X-Force ID: 206572 • https://exchange.xforce.ibmcloud.com/vulnerabilities/206572 •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29771
https://notcve.org/view.php?id=CVE-2021-29771
02 Nov 2021 — IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM InfoSphere Information Server versión 11.7, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalid... • https://exchange.xforce.ibmcloud.com/vulnerabilities/202773 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29738
https://notcve.org/view.php?id=CVE-2021-29738
02 Nov 2021 — IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 11.7 ) is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 201302. IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server versión 11.7 ) es vulnerable a un ataque de tipo server-side request forgery (SSRF). Esto puede permitir a un atacante autentica... • https://exchange.xforce.ibmcloud.com/vulnerabilities/201302 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29737
https://notcve.org/view.php?id=CVE-2021-29737
02 Nov 2021 — IBM InfoSphere Data Flow Designer Engine (IBM InfoSphere Information Server 11.7 ) component has improper validation of the REST API server certificate. IBM X-Force ID: 201301. El componente IBM InfoSphere Data Flow Designer Engine (IBM InfoSphere Information Server versión 11.7 ) comprueba de forma inapropiada el certificado del servidor REST API. IBM X-Force ID: 201301 • https://exchange.xforce.ibmcloud.com/vulnerabilities/201301 • CWE-295: Improper Certificate Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29730
https://notcve.org/view.php?id=CVE-2021-29730
09 Jul 2021 — IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 201164. IBM InfoSphere Information Server versión 11.7, es vulnerable a una inyección SQL. Un atacante remoto podría enviar sentencias SQL especialmente diseñadas, que podría permitir al atacante visualizar, añadir, modificar o eliminar información en la base de... • https://exchange.xforce.ibmcloud.com/vulnerabilities/201164 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29712
https://notcve.org/view.php?id=CVE-2021-29712
09 Jul 2021 — IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 200966. IBM InfoSphere Information Server versión 11.7, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alte... • https://exchange.xforce.ibmcloud.com/vulnerabilities/200966 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29681
https://notcve.org/view.php?id=CVE-2021-29681
21 May 2021 — IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information by injecting parameters into an HTML query. This information could be used in further attacks against the system. IBM X-Force ID: 199918. IBM InfoSphere Information Server versión 11.7 podría permitir a un atacante conseguir información confidencial inyectando parámetros en una consulta HTML. Esta información podría ser utilizada en nuevos ataques contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/199917 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29747
https://notcve.org/view.php?id=CVE-2021-29747
17 May 2021 — IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain highly sensitive information due to a vulnerability in the authentication mechanism. IBM X-Force ID: 201775. IBM InfoSphere Information Server versión 11.7, podría permitir a un atacante remoto obtener información altamente confidencial debido a una vulnerabilidad en el mecanismo de autenticación. IBM X-Force ID: 201775 • https://exchange.xforce.ibmcloud.com/vulnerabilities/201775 •