Show filters
2,287 Total Results
Displaying 161-170 of 2,287
Sort by:
Attacker Value
Unknown

CVE-2023-50952

Disclosure Date: June 30, 2024 (last updated February 26, 2025)
IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 275774.
Attacker Value
Unknown

CVE-2024-35119

Disclosure Date: June 30, 2024 (last updated February 26, 2025)
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: 290342.
Attacker Value
Unknown

CVE-2024-31902

Disclosure Date: June 30, 2024 (last updated February 26, 2025)
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 289234.
Attacker Value
Unknown

CVE-2024-28798

Disclosure Date: June 30, 2024 (last updated February 26, 2025)
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 287172.
Attacker Value
Unknown

CVE-2023-50954

Disclosure Date: June 30, 2024 (last updated February 26, 2025)
IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: 275776.
Attacker Value
Unknown

CVE-2024-28795

Disclosure Date: June 30, 2024 (last updated February 26, 2025)
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286832.
Attacker Value
Unknown

CVE-2023-35022

Disclosure Date: June 30, 2024 (last updated February 26, 2025)
IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: 258254.
Attacker Value
Unknown

CVE-2024-6370

Disclosure Date: June 27, 2024 (last updated February 26, 2025)
A vulnerability classified as problematic was found in LabVantage LIMS 2017. Affected by this vulnerability is an unknown functionality of the file /labvantage/rc?command=file&file=WEB-OPAL/pagetypes/bulletins/sendbulletin.jsp of the component POST Request Handler. The manipulation of the argument bulletinbody leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269803.
Attacker Value
Unknown

CVE-2024-6369

Disclosure Date: June 27, 2024 (last updated February 26, 2025)
A vulnerability classified as problematic has been found in LabVantage LIMS 2017. Affected is an unknown function of the file /labvantage/rc?command=page&sdcid=LV_ReagentLot of the component POST Request Handler. The manipulation of the argument mode leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-269802 is the identifier assigned to this vulnerability.
Attacker Value
Unknown

CVE-2024-6368

Disclosure Date: June 27, 2024 (last updated February 26, 2025)
A vulnerability was found in LabVantage LIMS 2017. It has been rated as problematic. This issue affects some unknown processing of the file /labvantage/rc?command=page of the component POST Request Handler. The manipulation of the argument param1 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269801 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.