14 matches found
CVE-2025-13616
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system...
CVE-2025-13691
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used to impersonate other users in the system...
CVE-2025-13691 DataStage on Cloud Pak for Data is vulnerable to sensitive information leaks due to HTTP processing
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used to impersonate other users in the system...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to regular expression DoS and command injection due to the python package (CVE-2024-6232, CVE-2024-9287)
Summary Python is used by DataStage on Cloud Pak for Data as part of data processing functionality. Vulnerability Details CVEID:CVE-2024-6232 DESCRIPTION: There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to remote code execution due to the setuptools package (CVE-2025-47273)
Summary Setuptools is used by DataStage on Cloud Pak for Data as part of package handling. Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to signature forgery due to the node-forge package (CVE-2022-24771, CVE-2022-24772)
Summary Node-forge is used by DataStage on Cloud Pak for Data as part of connection encryption. Vulnerability Details CVEID:CVE-2022-24771 DESCRIPTION: Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signatu...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to prototype pollution due to the protobufjs package (CVE-2022-25878)
Summary Protobufjs is used by DataStage on Cloud Pak for Data as part of data serialization. Vulnerability Details CVEID:CVE-2022-25878 DESCRIPTION: The package protobufjs before 6.11.3 is vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to regular expression denial of service due to the cross-spawn package (CVE-2024-21538)
Summary Cross-spawn is used by DataStage on Cloud Pak for Data as part of child process spawning. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due ...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to arbitrary code execution due to Apache Avro (CVE-2024-47561)
Summary Apache Avro is used by DataStage on Cloud Pak for Data as part of data serialization. Vulnerability Details CVEID:CVE-2024-47561 DESCRIPTION: Apache Avro could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in schema parsing in the Java SDK...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to leaking sensitive information due to the ClassGraph package (CVE-2021-47621)
Summary ClassGraph is used by DataStage on Cloud Pak for Data as part of the path and module scanning functionality. Vulnerability Details CVEID:CVE-2021-47621 DESCRIPTION: ClassGraph could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to denial of service and nonstandard cookie parsing due to hbase-client.
Summary hbase-client is used by the ds-cas-lite microservice as part of the Java client API for HBase. Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the HttpServletRequest.getParameter or...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to denial of service due to the SnakeYAML package (CVE-2022-38751, CVE-2017-18640, CVE-2022-38749, CVE-2022-38750, CVE-2022-38752, CVE-2022-25857, CVE-2022-41854, CVE-2022-1471)
Summary SnakeYAML is used by DataStage on Cloud Pak for Data as part of the YAML serialization functionality. Vulnerability Details CVEID:CVE-2022-38751 DESCRIPTION: SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a...
IBM InfoSphere Information Server Security Vulnerability
IBM InfoSphere Information Server is a data integration platform from International Business Machines (IBM). IBM InfoSphere Information Server versions 8.1, 8.5 and 8.7 contain an information disclosure vulnerability that stems from a program that does not properly restrict directories. An...
CVE-2012-0701
CVE-2012-0701 : The IBM InfoSphere DataStage client in Information Server 8.1, 8.5 (before FP3), and 8.7 relies on client-side access control, enabling remote authenticated users to escalate privileges via unspecified vectors. Remediation (per IBM Security Bulletin): for 8.1, install Fix Pack 2 a...