CVSS: 7.1EPSS: 0%CPEs: 25EXPL: 0CVE-2018-1845
https://notcve.org/view.php?id=CVE-2018-1845
17 Jun 2019 — IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150905. Las versiones 1.3, 11.5 y 11.7 de IBM InfoSphere Information Server son vulnerables a ataques de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer info... • https://exchange.xforce.ibmcloud.com/vulnerabilities/150905 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2014-0933
https://notcve.org/view.php?id=CVE-2014-0933
16 May 2014 — Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Information Server Metadata Workbench 8.1 through 9.1 allows remote attackers to hijack the authentication of arbitrary users. Vulnerabilidad de CSRF en IBM InfoSphere Information Server Metadata Workbench 8.1 hasta 9.1 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR49605 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2012-0203
https://notcve.org/view.php?id=CVE-2012-0203
31 Jan 2013 — Cross-site scripting (XSS) vulnerability in InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en InfoSphere Metadata Workbench (MWB) v8.1 through v8.7 en IBM InfoSphere Information Server v8.1, v8.5 anterior a FP3, y v8.7, permite a atacantes remotos inyectar secuencias de c... • http://www-01.ibm.com/support/docview.wss?uid=swg21623501 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2012-0205
https://notcve.org/view.php?id=CVE-2012-0205
31 Jan 2013 — InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly restrict use of the troubleshooting feature, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (workbench outage) via unspecified vectors. InfoSphere Metadata Workbench (MWB) v8.1 hasta v8.7 en IBM InfoSphere Information Server v8.1, v8.5 anterior a FP3, y v8.7 no restringe correctamente el uso de la funcionlidad de ... • http://www-01.ibm.com/support/docview.wss?uid=swg21623501 • CWE-264: Permissions, Privileges, and Access Controls •