CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-40752
https://notcve.org/view.php?id=CVE-2022-40752
IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. IBM X-Force ID: 236687. IBM InfoSphere DataStage 11.7 es vulnerable a una vulnerabilidad de inyección de comandos debido a una neutralización inadecuada de elementos especiales. ID de IBM X-Force: 236687. • https://exchange.xforce.ibmcloud.com/vulnerabilities/236687 https://www.ibm.com/support/pages/node/6833566 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-22442
https://notcve.org/view.php?id=CVE-2022-22442
"IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls. IBM X-Force ID: 224427." "IBM InfoSphere Information Server 11.7 podría permitir que un usuario autenticado acceda a información restringida a usuarios con privilegios elevados debido a controles de acceso inadecuados. IBM X-Force ID: 224427". • https://www.ibm.com/support/pages/node/6829325 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22454
https://notcve.org/view.php?id=CVE-2022-22454
IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM InfoSphere Information Server versión 11.7, podría permitir a un atacante autenticado localmente ejecutar comandos arbitrarios en el sistema mediante el envío de una petición especialmente diseñada • https://exchange.xforce.ibmcloud.com/vulnerabilities/224987 https://www.ibm.com/support/pages/node/6584175 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.3EPSS: 1%CPEs: 5EXPL: 0CVE-2020-4305
https://notcve.org/view.php?id=CVE-2020-4305
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176677. IBM InfoSphere Information Server versiones 11.3, 11.5 y 11.7, podría permitir a un atacante remoto ejecutar código arbitrario en el sistema, causado por la deserialización de datos no confiables. Al persuadir a una víctima para que visite un sitio web especialmente diseñado, un atacante podría aprovechar esta vulnerabilidad para ejecutar código arbitrario en el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/176677 https://www.ibm.com/support/pages/node/6244664 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2020-4298
https://notcve.org/view.php?id=CVE-2020-4298
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176475. IBM InfoSphere Information Server versiones 11.3, 11.5 y 11.7, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/176475 https://www.ibm.com/support/pages/node/6194775 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •