2 matches found
Security Bulletin: In IBM InfoSphere Information Server, the Information Services Catalog interface is vulnerable to various web UI vulnerabilities (CVE-2013-3034, CVE-2013-4057, CVE-2013-4059, CVE-2012-4819)
Summary The Information Services Catalog interface of the IBM InfoSphere Information Server web console is exposed to various well known web UI vulnerabilities: phishing through frames, cacheable SSL pages, link injection, cross-site request forgery and cross-site scripting. Vulnerability Details...
CVE-2013-4057
CVE-2013-4057 affects IBM InfoSphere Information Server XML Pack (versions 8.5.x up to FP3, 8.7.x up to FP2, and 9.1.x up to 9.1.2.0). The root cause is insufficient CSRF protections, allowing an attacker to trick a logged-in user into performing actions via a malicious URL, potentially hijacking...