Vulners
Lucene search
IBM InfoSphere Information Server Multiple Vulnerabilities (November 2023)
10
10
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(303203);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/30");
script_cve_id(
"CVE-2023-38268",
"CVE-2023-40699",
"CVE-2023-42009",
"CVE-2023-43015",
"CVE-2023-50303"
);
script_xref(name:"IAVB", value:"2023-B-0092-S");
script_name(english:"IBM InfoSphere Information Server Multiple Vulnerabilities (November 2023)");
script_set_attribute(attribute:"synopsis", value:
"The remote host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The version of IBM InfoSphere Information Server installed on the remote host is 11.7.x prior or equal to 11.7.1.4. It
is, therefore, potentially affected by multiple vulnerabilities, including:
- IBM InfoSphere Information Server is vulnerable to cross-site request forgery which could allow an attacker
to execute malicious and unauthorized actions transmitted from a user that the website trusts.
(CVE-2023-38268)
- IBM InfoSphere Information Server could allow a remote attacker to cause a denial of service due to improper
input validation. (CVE-2023-40699)
- IBM InfoSphere Information Server is vulnerable to cross-site scripting. This vulnerability allows users to embed
arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to
credentials disclosure within a trusted session. (CVE-2023-50303)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://www.ibm.com/support/pages/node/7116120");
script_set_attribute(attribute:"see_also", value:"https://www.ibm.com/support/pages/node/7067704");
script_set_attribute(attribute:"see_also", value:"https://www.ibm.com/support/pages/node/7070755");
script_set_attribute(attribute:"see_also", value:"https://www.ibm.com/support/pages/node/7067714");
script_set_attribute(attribute:"see_also", value:"https://www.ibm.com/support/pages/node/7067682");
script_set_attribute(attribute:"solution", value:
"Upgrade IBM InfoSphere Information Server based upon the guidance specified in the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-38268");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/11/28");
script_set_attribute(attribute:"patch_publication_date", value:"2023/11/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/03/20");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:infosphere_information_server");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ibm_infosphere_information_server.nbin");
script_require_keys("SMB/Registry/Enumerated", "installed_sw/IBM InfoSphere Information Server");
exit(0);
}
include('vcf.inc');
var app = 'IBM InfoSphere Information Server';
var app_info = vcf::get_app_info(app:app, win_local:TRUE);
if (empty_or_null(app_info)) audit(AUDIT_NOT_INST, app);
# 11.7.1.4 requires an interim patch, so audit out if we are not paranoid
if (app_info.version == '11.7.1.4' && report_paranoia < 2)
audit(AUDIT_POTENTIAL_VULN, app);
var constraints = [
{ 'min_version':'11.7', 'max_version':'11.7.1.4', 'fixed_display':'11.7.1.4 Service Pack 2' }
];
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_HOLE
);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
30 Apr 2026 00:00Current
6.5Medium risk
Vulners AI Score6.5
CVSS 3.17.5 - 8.8
EPSS0.00251
SSVC