Security Bulletin: Multiple IBM InfoSphere Information Server components are vulnerable due to the following Castor Library vulnerability (CVE-2014-3004)

Summary Castor Library could allow a remote attacker to obtain sensitive information in various IBM Information Server components. This is caused by an XML External Entity Injection XXE error when processing XML data. By sending specially-crafted XML data, an attacker could exploit this...

Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition™ affect IBM InfoSphere Information Server (CVE-2013-5802, CVE-2013-5823, CVE-2013-5825, CVE-2013-5780, CVE-2013-5803 and CVE-2013-5372)

Summary IBM Information Server is impacted by security vulnerabilities in IBM SDK, Java Technology Edition™ that affect availability and confidentiality. Vulnerability Details CVE ID:CVE-2013-5802 DESCRIPTION: An unspecified vulnerability related to the JAXP component has partial confidentiality...

Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4057, CVE-2013-4058 and CVE-2013-4059)

Summary Security vulnerabilities exist in various versions of IBM InfoSphere Information Server or constituent products. See the individual descriptions for details. Vulnerability Details CVE ID: CVE-2013-4057 DESCRIPTION: Due to insufficient safeguards against cross-site request forgery in...

CVE-2013-4057

Cross-site request forgery CSRF vulnerability in the XML Pack in IBM InfoSphere Information Server 8.5.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allows remote attackers to hijack the authentication of arbitrary users...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the XML Pack in IBM InfoSphere Information Server 8.5.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allows remote attackers to hijack the authentication of arbitrary users...

CVE-2013-4057

CVE-2013-4057 affects IBM InfoSphere Information Server XML Pack (versions 8.5.x up to FP3, 8.7.x up to FP2, and 9.1.x up to 9.1.2.0). The root cause is insufficient CSRF protections, allowing an attacker to trick a logged-in user into performing actions via a malicious URL, potentially hijacking...

CVE-2013-4057

Cross-site request forgery CSRF vulnerability in the XML Pack in IBM InfoSphere Information Server 8.5.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allows remote attackers to hijack the authentication of arbitrary users...