22 matches found
EUVD-2015-7338
Malware in sbrugna...
EUVD-2014-3030
Malware in sbrugna...
EUVD-2014-3085
Malware in sbrugna...
Security Bulletin: Session Identifier Not Updated vulnerability in GDS component of IBM InfoSphere Master Data Management - Collaborative Edition (CVE-2014-3009)
Summary IBM InfoSphere Master Data Management - Collaborative Edition does not update the session identifier after a successful authentication. An attacker could exploit this vulnerability to gain unauthorized access to the application by acting as the session created by a regular user...
Security Bulletin: Blind SQL Injection vulnerability in GDS component of IBM InfoSphere Master Data Management - Collaborative Edition (CVE-2014-0966)
Summary IBM InfoSphere Master Data Management - Collaborative Edition could allow an attacker steal data by exploiting Blind SQL Injection. Vulnerability Details Description: IBM InfoSphere Master Data Management - Collaborative Edition is vulnerable to SQL injection. A remote attacker could send...
Security Bulletin: Cross-Site Request Forgery vulnerability in GDS component of IBM InfoSphere Master Data Management - Collaborative Edition (CVE-2014-0969)
Summary IBM InfoSphere Master Data Management - Collaborative Edition is vulnerable to Cross-Site Request Forgery attacks. Vulnerability Details Description: Due to insufficient safeguards against cross-site request forgery in IBM InfoSphere Master Data Management - Collaborative Edition an...
Security Bulletin: Microsoft Windows MHTML Cross Site Scripting Alteration vulnerability in GDS component of IBM® InfoSphere® Master Data Management - Collaborative Edition (CVE-2014-0968)
Summary IBM® InfoSphere® Master Data Management - Collaborative Edition is vulnerable to cross-site scripting that is caused by improper validation of user-supplied input. A remote attacker can use a specially crafted URL to run scripts in a victim's web browser within the security context of the...
Security Bulletin: Link Injection vulnerability in GDS component of IBM® InfoSphere® Master Data Management - Collaborative Edition (CVE-2014-0970)
Summary Link Injection vulnerabilities can allow an attacker to embed links URLs to an external site or to different pages forms within IBM® InfoSphere® Master Data Management - Collaborative Edition. The links can appear to be valid application links. Clicking a link might cause the user to...
Security Bulletin: Phishing through frames vulnerability in the GDS component of IBM® InfoSphere® Master Data Management - Collaborative Edition (CVE-2014-3009)
Summary IBM® InfoSphere® Master Data Management - Collaborative Edition is vulnerable to phishing through frames vulnerability. Vulnerability Details CVE ID: CVE-2014-3009 Description: IBM® InfoSphere® Master Data Management - Collaborative Edition is vulnerable to phishing through frames. An...
Security Bulletin: Cross-site Scripting vulnerability in GDS component of IBM® InfoSphere® Master Data Management - Collaborative Edition (CVE-2014-0967)
Summary IBM® InfoSphere® Master Data Management - Collaborative Edition is vulnerable to cross-site scripting that is caused by improper validation of user-supplied input. A remote attacker can use a specially crafted URL to run scripts in a victim's web browser within the security context of the...
Security Bulletin: Open Source Apache Struts V1 ClassLoader manipulation vulnerability in GDS component of IBM® InfoSphere® Master Data Management - Collaborative Edition (CVE-2014-0114)
Summary Apache Struts 1.X could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability by using the class parameter of an ActionForm object to manipulate the ClassLoade...
Security Bulletin: Unix File Parameter Alteration vulnerability in GDS component of IBM® InfoSphere® Master Data Management - Collaborative Edition (CVE-2014-3064).
Summary IBM® InfoSphere® Master Data Management - Collaborative Edition is vulnerable to a Unix file parameter alteration vulnerability. This vulnerability might allow unauthorized access to data; specifically, an authorized person might be able to copy files from the InfoSphere MDM - Collaborati...
CVE-2015-7414
The CVE-2015-7414 issue affects the GDS component of IBM InfoSphere Master Data Management – Collaborative Edition (versions 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1). It is a Cross-Site Scripting (XSS) vulnerability caused by improper validatio...
Sql injection
SQL injection vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x through 11.x before 11.3-IF2 allows remote authenticated users to...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x through 11.x before 11.3-IF2 allows remote...
CVE-2014-3009
The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 does not properly handle FRAME elements, which makes it easier for remote authenticated users to conduct...
Design/Logic Flaw
The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 does not properly handle FRAME elements, which makes it easier for remote authenticated users to conduct...
CVE-2014-3009
The CVE-2014-3009 issue affects IBM InfoSphere Master Data Management - Collaborative Edition (GDS component) 10.0–11.0 and IBM InfoSphere Master Data Management Server for Product Information Management 9.0–9.1. Root cause: the GDS component does not properly handle FRAME elements, enabling phis...
CVE-2014-0968
Cross-site scripting XSS vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject...
Cross site scripting
Cross-site scripting XSS vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject...