229 matches found
CVE-2012-4818
IBM InfoSphere Information Server 8.1, 8.5, and 8,7 could allow a remote authenticated attacker to obtain sensitive information, caused by improper restrictions on directories. An attacker could exploit this vulnerability via the DataStage application to load or import content functionality to vi...
CVE-2011-3123
IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to an out of bounds write due to the FreeType package (CVE-2025-27363)
Summary FreeType is used by DataStage on Cloud Pak for Data as part of text processing functionality. Vulnerability Details CVEID:CVE-2025-27363 DESCRIPTION: An out of bounds write exists in FreeType versions 2.13.0 and below newer versions of FreeType are not vulnerable when attempting to parse...
IBM InfoSphere Information Server Multiple Vulnerabilities (April 2025)
The version of IBM InfoSphere Information Server installed on the remote host is 11.7.x prior or equal to 11.7.1.6. It is, therefore, potentially affected by multiple vulnerabilities: - IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to denial of service due to OpenSSL (CVE-2022-0778)
Summary OpenSSL is used by DataStage on Cloud Pak for Data as part of secure network communication. Vulnerability Details CVEID:CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the BNmodsqrt function when parsing certificates. By using a specially-craft...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to arbitrary code execution due to Apache Avro (CVE-2024-47561)
Summary Apache Avro is used by DataStage on Cloud Pak for Data as part of data serialization. Vulnerability Details CVEID:CVE-2024-47561 DESCRIPTION: Apache Avro could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in schema parsing in the Java SDK...
CVE-2025-25046
IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques...
CVE-2025-25046
IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques...
CVE-2025-25046
IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques...
Security Bulletin: IBM InfoSphere DataStage Flow Designer is vulnerable due to cleartext transmission of sensitive information (CVE-2025-25046)
Summary A sensitive information disclosure vulnerability in IBM InfoSphere DataStage Flow Designer was addressed. Vulnerability Details CVEID:CVE-2025-25046 DESCRIPTION: IBM InfoSphere DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an...
PT-2025-17675 · Ibm · Ibm Infosphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue concerns the transmission of sensitive information via URL or query parameters, which could be exposed to an unauthorized actor using man-in-the-middle techniques...
Security Bulletin: IBM InfoSphere DataStage Flow Designer is affected by a path traversal vulnerability (CVE-2024-52363)
Summary A path traversal vulnerability in IBM InfoSphere DataStage Flow Designer was addressed. Vulnerability Details CVEID:CVE-2024-52363 DESCRIPTION: IBM InfoSphere Information Server could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to leaking sensitive information due to the ClassGraph package ( CVE-2021-47621 )
Summary ClassGraph is used by DataStage on Cloud Pak for Data as part of the path and module scanning functionality. Vulnerability Details CVEID:CVE-2021-47621 DESCRIPTION: ClassGraph could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity...
Security Bulletin: IBM InfoSphere Information Server is affected by a path traversal vulnerability (CVE-2023-24960)
Summary A path traversal vulnerability in InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-24960 DESCRIPTION: IBM InfoSphere Information Server could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL...
Security Bulletin: DataStage on Cloud Pak for Data Is Vulnerable to Sensitive Information Disclosure Error (CVE-2022-38714)
Summary A vulnerability in DataStage on Cloud Pak for Data had the potential of exposing database connection details database names, database user-id, database credential to authorized users with Cluster Admin role had they performed remote access to running datastage containers that was processi...
IBM InfoSphere Information Server and IBM InfoSphere DataStage Flow Designer Unspecified Vulnerability (CNVD-2025-05561)
IBM InfoSphere Information Server and IBM InfoSphere DataStage Flow Designer are both products of International Business Machines IBM.IBM InfoSphere Information Server is a data integration platform. The platform can be used to integrate data information obtained from various sources.IBM InfoSphe...
Security Bulletin: Vulnerabilities with DataStage on Cloud Pak for Data related to Apache hbase-client 2.4.15
Summary IBM has released the below fix for IBM DataStage on Cloud Pak for Data in response to multiple vulnerabilities found in components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2015-5237 DESCRIPTION: Google Protocol Buffers cou...
Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to denial of service due to the FasterXML jackson-databind package (CVE-2023-35116)
Summary Jackson-databind is used by IBM DataStage on Cloud Pak for Data as part of data processing. Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based overflow. By persuading a victim to open a specially...
Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to unlimited data accumulation due to the Netty package ( CVE-2024-29025)
Summary Netty is used by IBM DataStage on Cloud Pak for Data as part of server processing. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients...
Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to HTTP header injection due to the Django package (CVE-2021-32052)
Summary Django is used by IBM DataStage on Cloud Pak for Data as part of server processing. Vulnerability Details CVEID:CVE-2021-32052 DESCRIPTION: Django is vulnerable to HTTP header injection, caused by improper validation of input in URLValidator. By persuading a victim to visit a...