CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-46187 – IBM InfoSphere Master Data Management cross-site scripting
https://notcve.org/view.php?id=CVE-2023-46187
27 Jan 2025 — IBM InfoSphere Master Data Management 11.6, 12.0, and 14.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7173892 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-4675
https://notcve.org/view.php?id=CVE-2020-4675
16 Jul 2021 — IBM InfoSphere Master Data Management Server 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186324. IBM InfoSphere Master Data Management Server versión 11.6, es vulnerable a un ataque de tipo cross-site request forgery, que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía. IBM X-F... • https://exchange.xforce.ibmcloud.com/vulnerabilities/186324 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1380
https://notcve.org/view.php?id=CVE-2018-1380
29 Oct 2018 — IBM InfoSphere Master Data Management Collaboration Server 11.4, 11.5, and 11.6 could allow an authenticated user with CA level access to change change their ca-id to another users and read sensitive information. IBM X-Force ID: 138077. IBM InfoSphere Master Data Management Collaboration Server 11.4, 11.5 y 11.6 podría permitir que un usuario autenticado con acceso de nivel CA acceda para cambiar su ca-id por el de otro usuario y leer información sensible. IBM X-Force ID: 138077. • https://exchange.xforce.ibmcloud.com/vulnerabilities/138077 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2015-7423
https://notcve.org/view.php?id=CVE-2015-7423
26 Mar 2018 — Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Master Data Management (MDM) - Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 107771. Múltiples vulnerabilidades de Cross-Site Scripting (XSS) en las versiones 9.1,10.1,11.0,11.3 y 11.4 de IBM InfoSphere Master Data Management (MDM)- Collaborative Edition permiten que usuarios autenticados remotos inyecten scripts web o ... • http://www-01.ibm.com/support/docview.wss?uid=swg21971543 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2015-7424
https://notcve.org/view.php?id=CVE-2015-7424
26 Mar 2018 — IBM InfoSphere Master Data Management (MDM) - Collaborative Edition 9.1, 10.1, 11.0, 11.3, 11.4, and 11.5 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information by leveraging Catalogs access. IBM X-Force ID: 107780. Las versiones 9.1,10.1, 11.0, 11.3,11.4 y 11.5 de IBM InfoSphere Data Management (MDM) - Collaborative Edition permiten a usuarios autenticados remotos omitir las restricciones de acceso previstas y obtener información sensible aprovechando el ac... • http://www-01.ibm.com/support/docview.wss?uid=swg21971542 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1523
https://notcve.org/view.php?id=CVE-2017-1523
24 Oct 2017 — IBM InfoSphere Master Data Management - Collaborative Edition 11.5 could allow an unauthorized user to download reports without authentication. IBM X-Force ID: 129892. IBM InfoSphere Master Data Management - Collaborative Edition 11.5 podría permitir que un usuario no autorizado descargue informes sin autenticación. IBM X-Force ID: 129892. • http://www.securityfocus.com/bid/101566 • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2017-1199
https://notcve.org/view.php?id=CVE-2017-1199
03 Aug 2017 — IBM InfoSphere Master Data Management Server 10.0, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123674. Las versiones 10.0, 11.0, 11.3, 11.4, 11.5 y 11.6 de IBM InfoSphere Master Data Management Server son vulnerables a ataques de tipo cross-site scripting. Esta vulnerabilid... • http://www.ibm.com/support/docview.wss?uid=swg22006618 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.7EPSS: 0%CPEs: 6EXPL: 0CVE-2016-9719
https://notcve.org/view.php?id=CVE-2016-9719
31 Jul 2017 — IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 119733. IBM InfoSphere Master Data Management Server versiones 10.1. 11.0. 11.3, 11.4, 11.5 y 11.6, podría permitir que un atacante remoto ... • http://www.ibm.com/support/docview.wss?uid=swg22006607 • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2016-9718
https://notcve.org/view.php?id=CVE-2016-9718
31 Jul 2017 — IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119732. IBM InfoSphere Master Data Management Server versiones 10.1. 11.0. 11.3, 11.4, 11.5 y 11.6, es vulnerable a ataques de tipo cross-site scripting (XSS). Esta vulnerabilidad... • http://www.ibm.com/support/docview.wss?uid=swg22006606 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2016-9714
https://notcve.org/view.php?id=CVE-2016-9714
31 Jul 2017 — IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119727. IBM InfoSphere Master Data Management Server versiones 10.1, 11.0, 11.3, 11.4, 11.5 y 11.6, es vulnerable a ataques de tipo cross-site request forgery, que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas tra... • http://www.ibm.com/support/docview.wss?uid=swg22006608 • CWE-352: Cross-Site Request Forgery (CSRF) •