CVSS: 6.5 | EPSS: 9% | CPEs: 1 | EXPL: 0

IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified API calls. Certain APIs within BigInsights can take invalid input that might allow attackers unauthorized access to read, write, modify, or delete data.

• http://secunia.com/advisories/59676
• http://www-01.ibm.com/support/docview.wss?uid=swg21677445
• http://www.securityfocus.com/bid/68449
• https://exchange.xforce.ibmcloud.com/vulnerabilities/84982
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 3.5 | EPSS: 0% | CPEs: 10 | EXPL: 0

CRLF injection vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

• http://www-01.ibm.com/support/docview.wss?uid=swg21667812
• https://exchange.xforce.ibmcloud.com/vulnerabilities/84987
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 4.9 | EPSS: 0% | CPEs: 10 | EXPL: 0

Open redirect vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

• http://www-01.ibm.com/support/docview.wss?uid=swg21667812
• http://www.securityfocus.com/bid/66360
• https://exchange.xforce.ibmcloud.com/vulnerabilities/84986
• CWE-20: Improper Input Validation

CVSS: 3.5 | EPSS: 0% | CPEs: 9 | EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM InfoSphere BigInsights 1.1 through 2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

• http://secunia.com/advisories/54447
• http://www-01.ibm.com/support/docview.wss?uid=swg21645804
• http://www.securityfocus.com/bid/61604
• http://www.securitytracker.com/id/1028883
• https://exchange.xforce.ibmcloud.com/vulnerabilities/84984
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.9 | EPSS: 0% | CPEs: 9 | EXPL: 0

IBM InfoSphere BigInsights 1.1 through 2.1 does not properly handle FRAME elements, which makes it easier for remote authenticated users to conduct phishing attacks via a crafted web site.

• http://secunia.com/advisories/54447
• http://www-01.ibm.com/support/docview.wss?uid=swg21645804
• http://www.securityfocus.com/bid/61604
• http://www.securitytracker.com/id/1028883
• https://exchange.xforce.ibmcloud.com/vulnerabilities/84985
• CWE-20: Improper Input Validation