3 results (0.003 seconds)

CVSS: 5.4EPSS: 0%CPEs: 9EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM Information Server Framework 8.5, Information Server Framework and InfoSphere Information Server Business Glossary 8.7 before FP2, Information Server Framework and InfoSphere Information Server Business Glossary 9.1 before 9.1.2.0, Information Server Framework and InfoSphere Information Governance Catalog 11.3 before 11.3.1.2, and Information Server Framework and InfoSphere Information Governance Catalog 11.5 before 11.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Information Server Framework 8.5, Information Server Framework e InfoSphere Information Server Business Glossary 8.7 en versiones anteriores a FP2, Information Server Framework e InfoSphere Information Server Business Glossary 9.1 en versiones anteriores a 9.1.2.0, Information Server Framework e InfoSphere Information Governance Catalog 11.3 en versiones anteriores a 11.3.1.2 e Information Server Framework e InfoSphere Information Governance Catalog 11.5 en versiones anteriores a 11.5.0.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR55452 http://www-01.ibm.com/support/docview.wss?uid=swg21981766 http://www.securityfocus.com/bid/92133 http://www.securitytracker.com/id/1036418 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.0EPSS: 0%CPEs: 6EXPL: 0

Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly determine authorization, which allows remote authenticated users to gain privileges via unspecified vectors. Information Services Framework (ISF) en IBM InfoSphere Information Server v8.1, v8.5 anterior a FP3, no valida correctamente la autenticación, permitiendo a usuarios remotos autenticados ganar privilegios mediante vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21623501 https://exchange.xforce.ibmcloud.com/vulnerabilities/73287 • CWE-287: Improper Authentication •

CVSS: 5.8EPSS: 0%CPEs: 6EXPL: 0

Open redirect vulnerability in Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de redirección abierta en Information Services Framework (ISF) en IBM InfoSphere Information Server v8.1, v8.5 anterior a FP3, permite a atacantes remotos redireccionar a usuarios a sitios web de su elección y llevar a cabo ataques de phishing a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21623501 https://exchange.xforce.ibmcloud.com/vulnerabilities/73289 • CWE-20: Improper Input Validation •