229 matches found
Security Bulletin: IBM DataStage Flow Designer application is affected by an information disclosure vulnerability (CVE-2026-9836)
Summary An information disclosure vulnerability was addressed in IBM DataStage Flow Designer . Vulnerability Details CVEID:CVE-2026-9836 DESCRIPTION: IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability. CWE:CWE-200: Exposure of...
CVE-2026-9836
IBM InfoSphere Information Server 11.7.0.0–11.7.1.6 is affected by CVE-2026-9836, an information-disclosure vulnerability in the DataStage Flow Designer application (CWE-200). Reported base score varies by source (NVD lists 7.5 HIGH overall but IBM notes a CVSS v3.1 base score of 3.5, LOW). The u...
CVE-2026-9836 IBM DataStage Flow Designer application is affected by an information disclosure vulnerability
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability...
Security Bulletin: DataStage on Cloud Pak for Data has several vulnerabilities due to open source software
Summary Open source packages are used as part of the overall processing in DataStage on Cloud Pak for Data. Vulnerability Details CVEID:CVE-2026-2581 DESCRIPTION: This is an uncontrolled resource consumption vulnerability CWE-400 that can lead to Denial of Service DoS. In vulnerable Undici...
Security Bulletin: DataStage on Cloud Pak for Data has several vulnerabilities due to open source software
Summary Open source packages are used as part of the overall processing in DataStage on Cloud Pak for Data. Vulnerability Details CVEID:CVE-2026-33871 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to regular expression denial of service (ReDoS) due to the transformers package (CVE-2025-2099)
Summary The transformers package is used by DataStage on Cloud Pak for Data as part of machine learning processing. Vulnerability Details CVEID:CVE-2025-2099 DESCRIPTION: A vulnerability in the preprocessstring function of the transformers.testingutils module in huggingface/transformers version...
CVE-2025-36422
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...
EUVD-2025-209025
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...
CVE-2025-36422
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...
CVE-2025-36422
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...
CVE-2025-36422
IBM InfoSphere Information Server (11.7.0.0–11.7.1.6), specifically DataStage Flow Designer, is affected by CVE-2025-36422: Cross-Site Request Forgery that could allow an attacker to perform malicious actions via a trusted user session. The vulnerability has a CVSS v3.1 base score of 4.3 (Medium)...
CVE-2025-36422 IBM InfoSphere Information Server is vulnerable to cross-site request forgery
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...
PT-2026-28114
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to cross-site request forgery (CVE-2025-36422)
Summary A cross-site request forgery vulnerability was addressed in IBM InfoSphere Information Server. Vulnerability Details CVEID:CVE-2025-36422 DESCRIPTION: IBM InfoSphere DataStage Flow Designer is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to handshake corruption due to the crypto/tls package (CVE-2025-68121)
Summary Crypto/tls is used as part of secure encryption by DataStage on Cloud Pak for Data. Vulnerability Details CVEID:CVE-2025-68121 DESCRIPTION: During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the...
CVE-2025-13688
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the wrapped command component...
CVE-2025-13616
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system...
CVE-2025-13687
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the user-defined function component...
CVE-2025-13687
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the user-defined function component...
CVE-2025-13688
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the wrapped command component...