PT-2026-28114

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

EUVD-2015-2005

Malware in sbrugna...

EUVD-2016-9825

Malware in sbrugna...

EUVD-2023-27572

Malicious code in bioql PyPI...

EUVD-2022-44020

Malicious code in bioql PyPI...

CVE-2025-36034

IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques...

Security Bulletin: IBM InfoSphere DataStage Flow Designer is vulnerable due to cleartext transmission of sensitive information (CVE-2025-36034)

Summary A disclosure of sensitive information vulnerability in InfoSphere DataStage Flow Designer was addressed. Vulnerability Details CVEID:CVE-2025-36034 DESCRIPTION: IBM InfoSphere DataStage Flow Designer discloses sensitive user information in API requests in clear text that could be...

CVE-2025-36034

CVE-2025-36034 affects IBM InfoSphere DataStage Flow Designer within IBM InfoSphere Information Server 11.7. The issue causes cleartext transmission of sensitive user information in API requests, enabling potential disclosure via man-in-the-middle. The IBM security bulletin cites CWE-319 and list...

Security Bulletin: IBM InfoSphere DataStage is vulnerable due to cleartext storage of sensitive information (CVE-2025-1499)

Summary A vulnerability due to cleartext storage of sensitive information in IBM InfoSphere DataStage was addressed. Vulnerability Details CVEID:CVE-2025-1499 DESCRIPTION: IBM InfoSphere DataStage stores credential information for database authentication in a cleartext parameter file that could b...

Security Bulletin: IBM InfoSphere DataStage Flow Designer is vulnerable due to cleartext transmission of sensitive information (CVE-2025-25046)

Summary A sensitive information disclosure vulnerability in IBM InfoSphere DataStage Flow Designer was addressed. Vulnerability Details CVEID:CVE-2025-25046 DESCRIPTION: IBM InfoSphere DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an...

Security Bulletin: IBM InfoSphere DataStage Flow Designer is affected by a path traversal vulnerability (CVE-2024-52363)

Summary A path traversal vulnerability in IBM InfoSphere DataStage Flow Designer was addressed. Vulnerability Details CVEID:CVE-2024-52363 DESCRIPTION: IBM InfoSphere Information Server could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted...

IBM InfoSphere Information Server and IBM InfoSphere DataStage Flow Designer Unspecified Vulnerability (CNVD-2025-05561)

IBM InfoSphere Information Server and IBM InfoSphere DataStage Flow Designer are both products of International Business Machines IBM.IBM InfoSphere Information Server is a data integration platform. The platform can be used to integrate data information obtained from various sources.IBM InfoSphe...

CVE-2023-23472

IBM InfoSphere DataStage Flow Designer InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system...

Security Bulletin: IBM InfoSphere DataStage Flow Designer is affected by an information disclosure vulnerability (CVE-2023-23472)

Summary An information disclosure vulnerability in InfoSphere DataStage Flow Designer was addressed. Vulnerability Details CVEID:CVE-2023-23472 DESCRIPTION: IBM InfoSphere DataStage Flow Designer could allow an authenticated user to obtain sensitive information that could aid in further attacks...

Security Bulletin: IBM InfoSphere DataStage Flow Designer is vulnerable to Server-Side Request Forgery

Summary A Server-Side Request Forgery vulnerability in IBM InfoSphere DataStage Flow Designer was addressed. Vulnerability Details CVEID:CVE-2021-29738 DESCRIPTION: IBM InfoSphere Data Flow Designer is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to sen...

Command injection

IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. IBM X-Force ID: 236687...

IBM InfoSphere DataStage Flow Designer 命令注入漏洞

IBM InfoSphere DataStage Flow Designer is a Web-based data stage flow designer from International Business Machines IBM. A command injection vulnerability exists in IBM InfoSphere DataStage Flow Designer version 11.7 that stems from vulnerability to a command injection vulnerability...

Security Bulletin: Lack of path restriction may allow access to sensitive data stored on Information Server Engine (CVE-2012-4818)

Abstract Security Bulletin: Lack of path restriction may allow access to sensitive data stored on Information Server Engine CVE-2012-4818 Content VULNERABILITY DETAILS: CVE ID: CVE-2012-4818 DESCRIPTION: Whenever an Information Server client application such as InfoSphere DataStage and QualitySta...

Security Bulletin: IBM InfoSphere DataStage Flow Designer is vulnerable due to improper certificate validation

Summary A vulnerability due to improper certificate validation in IBM InfoSphere DataStage Flow Designer was addressed. Vulnerability Details CVEID: CVE-2021-29737 DESCRIPTION: IBM InfoSphere Data Flow Designer Engine component has improper validation of the REST API server certificate. CVSS Base...

IBM InfoSphere DataStage Flow Designer Trust Management Issue Vulnerability

Ibm InfoSphere DataStage Flow Designer is a Web-based data stage flow designer from Ibm, Inc. A security vulnerability exists in Ibm InfoSphere DataStage Flow Designer that stems from an error in the validation of REST API server credentials by the IBM InfoSphere DataStage Flow Designer engine...