Lucene search
K

229 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 12:7 p.m.5 views

CVE-2012-4818

IBM InfoSphere Information Server 8.1, 8.5, and 8,7 could allow a remote authenticated attacker to obtain sensitive information, caused by improper restrictions on directories. An attacker could exploit this vulnerability via the DataStage application to load or import content functionality to vi...

6.5CVSS6.3AI score0.01395EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:48 a.m.11 views

CVE-2011-3123

IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors...

7.2CVSS6.8AI score0.00364EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/02 7:14 p.m.11 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to an out of bounds write due to the FreeType package (CVE-2025-27363)

Summary FreeType is used by DataStage on Cloud Pak for Data as part of text processing functionality. Vulnerability Details CVEID:CVE-2025-27363 DESCRIPTION: An out of bounds write exists in FreeType versions 2.13.0 and below newer versions of FreeType are not vulnerable when attempting to parse...

8.1CVSS8.8AI score0.26049EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/05/02 12:0 a.m.14 views

IBM InfoSphere Information Server Multiple Vulnerabilities (April 2025)

The version of IBM InfoSphere Information Server installed on the remote host is 11.7.x prior or equal to 11.7.1.6. It is, therefore, potentially affected by multiple vulnerabilities: - IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an...

6.3CVSS5.5AI score0.00239EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 1:37 p.m.15 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to denial of service due to OpenSSL (CVE-2022-0778)

Summary OpenSSL is used by DataStage on Cloud Pak for Data as part of secure network communication. Vulnerability Details CVEID:CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the BNmodsqrt function when parsing certificates. By using a specially-craft...

7.5CVSS9.4AI score0.70561EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 1:35 p.m.12 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to arbitrary code execution due to Apache Avro (CVE-2024-47561)

Summary Apache Avro is used by DataStage on Cloud Pak for Data as part of data serialization. Vulnerability Details CVEID:CVE-2024-47561 DESCRIPTION: Apache Avro could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in schema parsing in the Java SDK...

9.2CVSS7.3AI score0.03278EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/04/26 9:13 a.m.20 views

CVE-2025-25046

IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques...

3.7CVSS6.3AI score0.00144EPSS
Exploits0References1
NVD
NVD
added 2025/04/23 11:15 p.m.30 views

CVE-2025-25046

IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques...

3.7CVSS0.00144EPSS
Exploits0References1
OSV
OSV
added 2025/04/23 11:15 p.m.5 views

CVE-2025-25046

IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques...

3.7CVSS5.8AI score0.00144EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/23 6:48 p.m.16 views

Security Bulletin: IBM InfoSphere DataStage Flow Designer is vulnerable due to cleartext transmission of sensitive information (CVE-2025-25046)

Summary A sensitive information disclosure vulnerability in IBM InfoSphere DataStage Flow Designer was addressed. Vulnerability Details CVEID:CVE-2025-25046 DESCRIPTION: IBM InfoSphere DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an...

3.7CVSS6.3AI score0.00144EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/23 12:0 a.m.4 views

PT-2025-17675 · Ibm · Ibm Infosphere Information Server

Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue concerns the transmission of sensitive information via URL or query parameters, which could be exposed to an unauthorized actor using man-in-the-middle techniques...

3.7CVSS5.7AI score0.00144EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:14 a.m.34 views

Security Bulletin: IBM InfoSphere DataStage Flow Designer is affected by a path traversal vulnerability (CVE-2024-52363)

Summary A path traversal vulnerability in IBM InfoSphere DataStage Flow Designer was addressed. Vulnerability Details CVEID:CVE-2024-52363 DESCRIPTION: IBM InfoSphere Information Server could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted...

7.5CVSS6.6AI score0.0059EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/01 9:29 p.m.9 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to leaking sensitive information due to the ClassGraph package ( CVE-2021-47621 )

Summary ClassGraph is used by DataStage on Cloud Pak for Data as part of the path and module scanning functionality. Vulnerability Details CVEID:CVE-2021-47621 DESCRIPTION: ClassGraph could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity...

7.5CVSS6.8AI score0.00556EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:34 a.m.27 views

Security Bulletin: IBM InfoSphere Information Server is affected by a path traversal vulnerability (CVE-2023-24960)

Summary A path traversal vulnerability in InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-24960 DESCRIPTION: IBM InfoSphere Information Server could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL...

7.5CVSS7.5AI score0.01406EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 2:14 a.m.58 views

Security Bulletin: DataStage on Cloud Pak for Data Is Vulnerable to Sensitive Information Disclosure Error (CVE-2022-38714)

Summary A vulnerability in DataStage on Cloud Pak for Data had the potential of exposing database connection details database names, database user-id, database credential to authorized users with Cluster Admin role had they performed remote access to running datastage containers that was processi...

4.9CVSS5AI score0.00589EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2025/03/19 12:0 a.m.6 views

IBM InfoSphere Information Server and IBM InfoSphere DataStage Flow Designer Unspecified Vulnerability (CNVD-2025-05561)

IBM InfoSphere Information Server and IBM InfoSphere DataStage Flow Designer are both products of International Business Machines IBM.IBM InfoSphere Information Server is a data integration platform. The platform can be used to integrate data information obtained from various sources.IBM InfoSphe...

6.5CVSS6.3AI score0.00336EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/18 2:59 p.m.28 views

Security Bulletin: Vulnerabilities with DataStage on Cloud Pak for Data related to Apache hbase-client 2.4.15

Summary IBM has released the below fix for IBM DataStage on Cloud Pak for Data in response to multiple vulnerabilities found in components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2015-5237 DESCRIPTION: Google Protocol Buffers cou...

9.8CVSS9.5AI score0.18891EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/14 7:59 p.m.19 views

Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to denial of service due to the FasterXML jackson-databind package (CVE-2023-35116)

Summary Jackson-databind is used by IBM DataStage on Cloud Pak for Data as part of data processing. Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based overflow. By persuading a victim to open a specially...

4.7CVSS4.8AI score0.00352EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/13 11:23 p.m.9 views

Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to unlimited data accumulation due to the Netty package ( CVE-2024-29025)

Summary Netty is used by IBM DataStage on Cloud Pak for Data as part of server processing. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients...

5.3CVSS5.2AI score0.0138EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/13 11:21 p.m.13 views

Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to HTTP header injection due to the Django package (CVE-2021-32052)

Summary Django is used by IBM DataStage on Cloud Pak for Data as part of server processing. Vulnerability Details CVEID:CVE-2021-32052 DESCRIPTION: Django is vulnerable to HTTP header injection, caused by improper validation of input in URLValidator. By persuading a victim to visit a...

6.1CVSS6.3AI score0.03146EPSS
Exploits0Affected Software1
Rows per page
Query Builder