2 results (0.004 seconds)

CVSS: 7.1EPSS: 0%CPEs: 25EXPL: 0

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150905. Las versiones 1.3, 11.5 y 11.7 de IBM InfoSphere Information Server son vulnerables a ataques de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información sensible o consumir recursos de la memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/150905 https://www.ibm.com/support/docview.wss?uid=ibm10738917 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 0

Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Information Server Metadata Workbench 8.1 through 9.1 allows remote attackers to hijack the authentication of arbitrary users. Vulnerabilidad de CSRF en IBM InfoSphere Information Server Metadata Workbench 8.1 hasta 9.1 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR49605 http://www-01.ibm.com/support/docview.wss?uid=swg21671141 https://exchange.xforce.ibmcloud.com/vulnerabilities/92273 • CWE-352: Cross-Site Request Forgery (CSRF) •