Security Bulletin: IBM InfoSphere Information Server is vulnerable due to information exposure (CVE-2026-2484)

Summary An information exposure vulnerability was addressed in IBM InfoSphere Information Server. Vulnerability Details CVEID:CVE-2026-2484 DESCRIPTION: InfoSphere Information Server is affected by an information exposure vulnerability caused by overly verbose error messages. CWE:CWE-209:...

Security Bulletin: IBM InfoSphere Information Server is affected by a server-side request forgery (CVE-2025-12832)

Summary A server-side request forgery vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-12832 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send...

Security Bulletin: IBM InfoSphere Information Server is affected by an XML external entity injection (XXE) vulnerability (CVE-2025-12531)

Summary An XML external entity injection XXE vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-12531 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote...

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Axios (CVE-2025-58754)

Summary A vulnerability in Axios that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a...

EUVD-2019-13827

Malware in sbrugna...

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Commons FileUpload (CVE-2025-48976)

Summary A vulnerability in Apache Commons FileUpload that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons...

Security Bulletin: IBM InfoSphere Information Server is affected by an improper input validation vulnerability in Apache POI (CVE-2025-31672)

Summary An improper input validation vulnerability in Apache POI that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-31672 DESCRIPTION: Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xls...

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Netty (CVE-2025-25193)

Summary A vulnerability in Netty that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-25193 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsaf...

Security Bulletin: IBM InfoSphere Information Server is vulnerable to a Cross-Frame Scripting Exploit (CVE-2021-29827)

Summary A cross-frame scripting vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2021-29827 DESCRIPTION: IBM InfoSphere Information Server could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a...

Security Bulletin: IBM InfoSphere Information Server is vulnerable due to an observable response discrepancy (CVE-2024-51477)

Summary An observable response discrepancy vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-51477 DESCRIPTION: IBM InfoSphere Information Server could allow an authenticated to obtain sensitive username information due to an observable respons...

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Kubernetes ingress-nginx (CVE-2024-7646)

Summary A vulnerability in Kubernetes ingress-nginx that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-7646 DESCRIPTION: Kubernetes ingress-nginx could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an...

Security Bulletin: IBM InfoSphere Information Server is affected by a security vulnerability in Certifi python-certifi (CVE-2024-39689)

Summary A security vulnerability in Certifi python-certifi that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could provide weaker than expected security, caused by the use of GLOBALTRUST root certificate. An...

Security Bulletin: IBM InfoSphere Information Server is vulnerable to stored cross-site scripting (CVE-2024-28795)

Summary A stored cross-site scripting vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-28795 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript co...

Security Bulletin: IBM InfoSphere Information Server containers are vulnerable to privilege escalation

Summary A privilege escalation vulnerability was addressed in IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2019-4185 DESCRIPTION: IBM InfoSphere Information Server containers are vulnerable to privilege escalation due to an insecurely configured component. CVSS Base Score:...

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Pallets Werkzeug (CVE-2023-46136)

Summary A vulnerability in Pallets Werkzeug used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-46136 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial of service, caused by a flaw when parsing multipart/form-data containing a large part with CR/LF...

Security Bulletin: IBM InfoSphere Information Server is affected by OpenSSL Vulnerability (CVE-2023-0464)

Summary A vulnerability in OpenSSL used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2023-0464 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error related to the verification of X.509 certificate chains that include policy constraints...

Security Bulletin: IBM InfoSphere Information Server is affected by a Sensitive data exposure vulnerability (CVE-2024-22352)

Summary A Sensitive data exposure vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-22352 DESCRIPTION: IBM InfoSphere Information Server stores potentially sensitive information in log files that could be read by a local user. CVSS Base score:...

Security Bulletin: IBM InfoSphere Information Server is affected by urllib3 vulnerability (CVE-2023-43804)

Summary A vulnerability in urllib3 used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw with cookie request header not stripped during...

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in snappy-java (CVE-2023-43642)

Summary A vulnerability in snappy-java used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By sending a specially crafted request, a...

Security Bulletin: IBM InfoSphere Information Server is vulnerable to OS command injection (CVE-2022-35717)

Summary An OS command injection vulnerability in InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2022-35717 DESCRIPTION: IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a...