CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2017-1199
https://notcve.org/view.php?id=CVE-2017-1199
03 Aug 2017 — IBM InfoSphere Master Data Management Server 10.0, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123674. Las versiones 10.0, 11.0, 11.3, 11.4, 11.5 y 11.6 de IBM InfoSphere Master Data Management Server son vulnerables a ataques de tipo cross-site scripting. Esta vulnerabilid... • http://www.ibm.com/support/docview.wss?uid=swg22006618 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2016-9714
https://notcve.org/view.php?id=CVE-2016-9714
31 Jul 2017 — IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119727. IBM InfoSphere Master Data Management Server versiones 10.1, 11.0, 11.3, 11.4, 11.5 y 11.6, es vulnerable a ataques de tipo cross-site request forgery, que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas tra... • http://www.ibm.com/support/docview.wss?uid=swg22006608 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2016-9715
https://notcve.org/view.php?id=CVE-2016-9715
31 Jul 2017 — IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119728. IBM InfoSphere Master Data Management Server versiones 11.0, 11.3, 11.4, 11.5 y 11.6, es vulnerable a ataques de tipo cross-site scripting (XSS). Esta vulnerabilidad permite a l... • http://www.ibm.com/support/docview.wss?uid=swg22006611 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-9716
https://notcve.org/view.php?id=CVE-2016-9716
31 Jul 2017 — IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119729. IBM InfoSphere Master Data Management Server versiones 11.0, 11.3, 11.4, 11.5 y 11.6, es vulnerable a ataques de tipo cross-site request forgery, que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas de... • http://www.ibm.com/support/docview.wss?uid=swg22006610 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2016-9717
https://notcve.org/view.php?id=CVE-2016-9717
31 Jul 2017 — HTTP Parameter Override is identified in the IBM Infosphere Master Data Management (MDM) 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 product. It enables attackers by exposing the presence of duplicated parameters which may produce an anomalous behavior in the application that can be potentially exploited. La anulación de parámetros HTTP es identificada en el producto IBM Infosphere Master Data Management (MDM) versiones 10.1. 11.0. 11.3, 11.4, 11.5 y 11.6. Permite a los atacantes exponer la presencia de parámetr... • http://www.ibm.com/support/docview.wss?uid=swg22006605 • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2016-9718
https://notcve.org/view.php?id=CVE-2016-9718
31 Jul 2017 — IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119732. IBM InfoSphere Master Data Management Server versiones 10.1. 11.0. 11.3, 11.4, 11.5 y 11.6, es vulnerable a ataques de tipo cross-site scripting (XSS). Esta vulnerabilidad... • http://www.ibm.com/support/docview.wss?uid=swg22006606 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.7EPSS: 0%CPEs: 6EXPL: 0CVE-2016-9719
https://notcve.org/view.php?id=CVE-2016-9719
31 Jul 2017 — IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 119733. IBM InfoSphere Master Data Management Server versiones 10.1. 11.0. 11.3, 11.4, 11.5 y 11.6, podría permitir que un atacante remoto ... • http://www.ibm.com/support/docview.wss?uid=swg22006607 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2017-1309
https://notcve.org/view.php?id=CVE-2017-1309
19 Jul 2017 — IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 125463. IBM InfoSphere Master Data Management Server versión 11.0 hasta 11.6, almacena las credenciales de usuario en texto plano y sin cifrar que puede ser leído por un usuario local. ID de IBM X-Force: 125463. • http://www.ibm.com/support/docview.wss?uid=swg22005437 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2015-1945
https://notcve.org/view.php?id=CVE-2015-1945
02 Jun 2015 — Unspecified vulnerability in the Reference Data Management component in IBM InfoSphere Master Data Management 10.1, 11.0, 11.3 before FP3, and 11.4 allows remote authenticated users to gain privileges via unknown vectors. Vulnerabilidad no especificada en el componente Reference Data Management en IBM InfoSphere Master Data Management 10.1, 11.0, 11.3 anterior a FP3, y 11.4 permite a usuarios remotos autenticados ganar privilegios a través de vectores desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg21957776 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2015-1909
https://notcve.org/view.php?id=CVE-2015-1909
25 May 2015 — The XML parser in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 10.1 before IF1, 11.0 before FP3, 11.3, and 11.4 before FP2 allows remote attackers to read arbitrary files, and consequently obtain administrative access, via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. El analizador sintáctico de XML en el componente Reference Data Management en el servidor en IBM InfoSphere Master... • http://www-01.ibm.com/support/docview.wss?uid=swg21700754 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •