NotCVE - vendor:"Ibm" product:"Infosphere Information Server On Cloud" version:"11.5.0.0"

14 results (0.006 seconds)

CVSS: 9.3EPSS: 1%CPEs: 5EXPL: 0

CVE-2020-4305

https://notcve.org/view.php?id=CVE-2020-4305

09 Jul 2020 — IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176677. IBM InfoSphere Information Server versiones 11.3, 11.5 y 11.7, podría permitir a un atacante remoto ejecutar código arbitrario en el sistema, causado por la deserial... • https://exchange.xforce.ibmcloud.com/vulnerabilities/176677 • CWE-502: Deserialization of Untrusted Data •

CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0

CVE-2020-4298

https://notcve.org/view.php?id=CVE-2020-4298

19 May 2020 — IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176475. IBM InfoSphere Information Server versiones 11.3, 11.5 y 11.7, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en l... • https://exchange.xforce.ibmcloud.com/vulnerabilities/176475 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2020-4286

https://notcve.org/view.php?id=CVE-2020-4286

19 May 2020 — IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176268. IBM InfoSphere Information Server versiones 11.3, 11.5 y 11.7, es vulnerable a un ataque de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web con... • https://exchange.xforce.ibmcloud.com/vulnerabilities/176268 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0

CVE-2020-4384

https://notcve.org/view.php?id=CVE-2020-4384

06 May 2020 — IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 179265. IBM InfoSphere Information Server versiones 11.3, 11.5 y 11.7, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en l... • https://exchange.xforce.ibmcloud.com/vulnerabilities/179265 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 8EXPL: 0

CVE-2019-4237

https://notcve.org/view.php?id=CVE-2019-4237

01 Jul 2019 — A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. IBM X-Force ID: 159419. Una vulnerabilidad Cross-Frame Scripting en IBM InfoSphere Information Server versiones 11.3, 11.5, y 11.7 puede permitir que un atacante cargue la aplicación vulnerable en una etiqueta iframe HTML en una página maliciosa. ID de IBM X-Force: 159419. • https://exchange.xforce.ibmcloud.com/vulnerabilities/159419 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.1EPSS: 0%CPEs: 25EXPL: 0

CVE-2018-1845

https://notcve.org/view.php?id=CVE-2018-1845

17 Jun 2019 — IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150905. Las versiones 1.3, 11.5 y 11.7 de IBM InfoSphere Information Server son vulnerables a ataques de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer info... • https://exchange.xforce.ibmcloud.com/vulnerabilities/150905 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

CVE-2019-4257

https://notcve.org/view.php?id=CVE-2019-4257

06 Jun 2019 — IBM InfoSphere Information Server 11.5 and 11.7 is affected by an information disclosure vulnerability. Sensitive information in an error message may be used to conduct further attacks against the system. IBM X-Force ID: 159945. IBM InfoSphere Information Server 11.5 y 11.7 es afectado por una vulnerabilidad de revelación de información. La información confidencial en un mensaje de error puede ser usado para conducir mas ataques contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/159945 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0

CVE-2019-4238

https://notcve.org/view.php?id=CVE-2019-4238

25 Apr 2019 — IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159464. IBM InfoSphere Information Server versión 11.3, versión 11.5 y versión 11.7 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los usuarios introducir un código JavaScript arbit... • https://exchange.xforce.ibmcloud.com/vulnerabilities/159464 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2018-1994

https://notcve.org/view.php?id=CVE-2018-1994

10 Apr 2019 — IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 154494. IBM InfoSphere Information Server versión 11.5 y versión 11.7 es vulnerable a la inyección SQL. Un atacante remoto podría enviar sentencias de SQL especialmente creadas, que podrían permitirle ver, agregar, modificar o eliminar información en la... • https://exchange.xforce.ibmcloud.com/vulnerabilities/154494 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2018-1917

https://notcve.org/view.php?id=CVE-2018-1917

02 Apr 2019 — IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to access JSP files and disclose sensitive information. IBM X-Force ID: 152784. IBM InfoSphere Information Server 11.3, 11.5 y 11.7 podría permitir que un usuario autenticado acceda a archivos JSP y divulgue información sensible. IBM X-Force ID: 152784. • http://www.securityfocus.com/bid/107688 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

1 2