CVE-2017-1199
https://notcve.org/view.php?id=CVE-2017-1199
IBM InfoSphere Master Data Management Server 10.0, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123674. Las versiones 10.0, 11.0, 11.3, 11.4, 11.5 y 11.6 de IBM InfoSphere Master Data Management Server son vulnerables a ataques de tipo cross-site scripting. Esta vulnerabilidad permite a los usuarios introducir código JavaScript arbitrario en la interfaz de usuario de la web, lo que altera la funcionalidad prevista y puede dar lugar a la revelación de credenciales en una sesión fiable. • http://www.ibm.com/support/docview.wss?uid=swg22006618 http://www.securityfocus.com/bid/100129 https://exchange.xforce.ibmcloud.com/vulnerabilities/123674 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-9718
https://notcve.org/view.php?id=CVE-2016-9718
IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119732. IBM InfoSphere Master Data Management Server versiones 10.1. 11.0. 11.3, 11.4, 11.5 y 11.6, es vulnerable a ataques de tipo cross-site scripting (XSS). Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la Web UI, lo que altera la funcionalidad prevista que potencialmente conllevaría a la divulgación de credenciales dentro de una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg22006606 http://www.securityfocus.com/bid/100016 https://exchange.xforce.ibmcloud.com/vulnerabilities/119732 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-9714
https://notcve.org/view.php?id=CVE-2016-9714
IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119727. IBM InfoSphere Master Data Management Server versiones 10.1, 11.0, 11.3, 11.4, 11.5 y 11.6, es vulnerable a ataques de tipo cross-site request forgery, que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía. ID de IBM X-Force: 119727. • http://www.ibm.com/support/docview.wss?uid=swg22006608 https://exchange.xforce.ibmcloud.com/vulnerabilities/119727 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2016-9716
https://notcve.org/view.php?id=CVE-2016-9716
IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119729. IBM InfoSphere Master Data Management Server versiones 11.0, 11.3, 11.4, 11.5 y 11.6, es vulnerable a ataques de tipo cross-site request forgery, que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía. ID de IBM X-Force: 119729. • http://www.ibm.com/support/docview.wss?uid=swg22006610 http://www.securityfocus.com/bid/100026 https://exchange.xforce.ibmcloud.com/vulnerabilities/119729 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2016-9719
https://notcve.org/view.php?id=CVE-2016-9719
IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 119733. IBM InfoSphere Master Data Management Server versiones 10.1. 11.0. 11.3, 11.4, 11.5 y 11.6, podría permitir que un atacante remoto secuestre la acción de cliqueo de la víctima. Mediante la persuasión a la víctima para visitar un sitio web malicioso, un atacante remoto explotaría esta vulnerabilidad para secuestrar las acciones de cliqueo de la víctima y posiblemente activar más ataques contra la víctima. • http://www.ibm.com/support/docview.wss?uid=swg22006607 http://www.securityfocus.com/bid/100060 https://exchange.xforce.ibmcloud.com/vulnerabilities/119733 • CWE-20: Improper Input Validation •