4 results (0.031 seconds)

CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0

The Hosted Transparent Decision Service in the Rule Execution Server in IBM WebSphere ILOG JRules 7.1 before MP1 FP5 IF43; WebSphere Operational Decision Management 7.5 before FP3 IF41; and Operational Decision Manager 8.0 before MP1 FP2 IF34, 8.5 before MP1 FP1 IF43, and 8.6 before IF8 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. El servicio Hosted Transparent Decision en el servidor de la ejecución de reglas en IBM WebSphere ILOG JRules 7.1 anterior a MP1 FP5 IF43; WebSphere Operational Decision Management 7.5 anterior a FP3 IF41; y Operational Decision Manager 8.0 anterior a MP1 FP2 IF34, 8.5 anterior a MP1 FP1 IF43, y 8.6 anterior a IF8 permite a atacantes remotos leer ficheros arbitrarios a través de una declaración de entidad externa XML en conjunto con una referencia de entidad, relacionado con un problema de entidad externa XML (XXE). • http://www-01.ibm.com/support/docview.wss?uid=swg21691815 https://exchange.xforce.ibmcloud.com/vulnerabilities/96211 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 3.5EPSS: 0%CPEs: 3EXPL: 0

Cross-site scripting (XSS) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en la consula RES en Rule Execution Server en IBM Operational Decision Manager 7.5 anterior a FP3 IF37, 8.0 anterior a MP1 FP2 y 8.5 anterior a MP1 IF26 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21671324 https://exchange.xforce.ibmcloud.com/vulnerabilities/92562 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

The RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 does not send appropriate Cache-Control HTTP headers, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation. La consola RES en Rule Execution Server en IBM Operational Decision Manager 7.5 anterior a FP3 IF37, 8.0 anterior a MP1 FP2 y 8.5 anterior a MP1 IF26 no envía cabeceras HTTP de control de caché adecuadas, lo que permite a atacantes remotos obtener información sensible mediante el aprovechamiento de una estación de trabajo desatendida. • http://www-01.ibm.com/support/docview.wss?uid=swg21671324 https://exchange.xforce.ibmcloud.com/vulnerabilities/92573 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the RES Console in Rule Execution Server in IBM Operational Decision Manager 7.5 before FP3 IF37, 8.0 before MP1 FP2, and 8.5 before MP1 IF26 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. Vulnerabilidad de CSRF en la consula RES en Rule Execution Server en IBM Operational Decision Manager 7.5 anterior a FP3 IF37, 8.0 anterior a MP1 FP2 y 8.5 anterior a MP1 IF26 permite a usuarios remotos autenticados secuestrar la autenticación de usuarios arbitrarios para solicitudes que insertan secuencias de XSS. • http://www-01.ibm.com/support/docview.wss?uid=swg21671324 https://exchange.xforce.ibmcloud.com/vulnerabilities/92559 • CWE-352: Cross-Site Request Forgery (CSRF) •