CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2017-1199
https://notcve.org/view.php?id=CVE-2017-1199
03 Aug 2017 — IBM InfoSphere Master Data Management Server 10.0, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123674. Las versiones 10.0, 11.0, 11.3, 11.4, 11.5 y 11.6 de IBM InfoSphere Master Data Management Server son vulnerables a ataques de tipo cross-site scripting. Esta vulnerabilid... • http://www.ibm.com/support/docview.wss?uid=swg22006618 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2016-9714
https://notcve.org/view.php?id=CVE-2016-9714
31 Jul 2017 — IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119727. IBM InfoSphere Master Data Management Server versiones 10.1, 11.0, 11.3, 11.4, 11.5 y 11.6, es vulnerable a ataques de tipo cross-site request forgery, que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas tra... • http://www.ibm.com/support/docview.wss?uid=swg22006608 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2016-9717
https://notcve.org/view.php?id=CVE-2016-9717
31 Jul 2017 — HTTP Parameter Override is identified in the IBM Infosphere Master Data Management (MDM) 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 product. It enables attackers by exposing the presence of duplicated parameters which may produce an anomalous behavior in the application that can be potentially exploited. La anulación de parámetros HTTP es identificada en el producto IBM Infosphere Master Data Management (MDM) versiones 10.1. 11.0. 11.3, 11.4, 11.5 y 11.6. Permite a los atacantes exponer la presencia de parámetr... • http://www.ibm.com/support/docview.wss?uid=swg22006605 • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2016-9718
https://notcve.org/view.php?id=CVE-2016-9718
31 Jul 2017 — IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119732. IBM InfoSphere Master Data Management Server versiones 10.1. 11.0. 11.3, 11.4, 11.5 y 11.6, es vulnerable a ataques de tipo cross-site scripting (XSS). Esta vulnerabilidad... • http://www.ibm.com/support/docview.wss?uid=swg22006606 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.7EPSS: 0%CPEs: 6EXPL: 0CVE-2016-9719
https://notcve.org/view.php?id=CVE-2016-9719
31 Jul 2017 — IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 119733. IBM InfoSphere Master Data Management Server versiones 10.1. 11.0. 11.3, 11.4, 11.5 y 11.6, podría permitir que un atacante remoto ... • http://www.ibm.com/support/docview.wss?uid=swg22006607 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2015-1945
https://notcve.org/view.php?id=CVE-2015-1945
02 Jun 2015 — Unspecified vulnerability in the Reference Data Management component in IBM InfoSphere Master Data Management 10.1, 11.0, 11.3 before FP3, and 11.4 allows remote authenticated users to gain privileges via unknown vectors. Vulnerabilidad no especificada en el componente Reference Data Management en IBM InfoSphere Master Data Management 10.1, 11.0, 11.3 anterior a FP3, y 11.4 permite a usuarios remotos autenticados ganar privilegios a través de vectores desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg21957776 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2015-1909
https://notcve.org/view.php?id=CVE-2015-1909
25 May 2015 — The XML parser in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 10.1 before IF1, 11.0 before FP3, 11.3, and 11.4 before FP2 allows remote attackers to read arbitrary files, and consequently obtain administrative access, via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. El analizador sintáctico de XML en el componente Reference Data Management en el servidor en IBM InfoSphere Master... • http://www-01.ibm.com/support/docview.wss?uid=swg21700754 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1910
https://notcve.org/view.php?id=CVE-2015-1910
25 May 2015 — Cross-site scripting (XSS) vulnerability in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 10.1 before IF1, 11.0 before FP3, and 11.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en el componente Reference Data Management en el servidor en IBM InfoSphere Master Data Management (MDM) 10.1 anterior a IF1, 11.0 anterior a FP3, y 11.3 permite a usuarios remotos autenticados inyectar secuenc... • http://www-01.ibm.com/support/docview.wss?uid=swg21700741 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2014-4775
https://notcve.org/view.php?id=CVE-2014-4775
17 Aug 2014 — IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1-FP11 and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1-FP15 and 10.x and 11.x before 11.3-IF2 do not properly protect credentials, which allows remote attackers to obtain sensitive information via unspecified vectors. IBM InfoSphere Master Data Management - Collaborative Edition 10.x anterior a 10.1-FP11 y 11.x anterior a 11.0-FP5 y InfoSphere Master Data Manag... • http://www-01.ibm.com/support/docview.wss?uid=swg21681640 • CWE-255: Credentials Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2014-3063
https://notcve.org/view.php?id=CVE-2014-3063
17 Aug 2014 — IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1-FP11 and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1-FP15 and 10.x and 11.x before 11.3-IF2 allow local users to obtain administrator privileges via unspecified vectors. IBM InfoSphere Master Data Management - Collaborative Edition 10.x anterior a 10.1-FP11 y 11.x anterior a 11.0-FP5 y InfoSphere Master Data Management Server for Product Information Managemen... • http://secunia.com/advisories/60680 • CWE-264: Permissions, Privileges, and Access Controls •