22 matches found
PT-2024-34638 · Ibm · Ibm Infosphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue allows an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further...
Security Bulletin: IBM InfoSphere Information Server is affected by a denial of service vulnerability in Undertow (CVE-2024-6162)
Summary A denial of service vulnerability in Undertow that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-6162 DESCRIPTION: Undertow is vulnerable to a denial of service, caused by a flaw with URL-encoded request path information can be broken for...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Connect2id Nimbus-JOSE-JWT (CVE-2023-52428)
Summary A vulnerability in Connect2id Nimbus-JOSE-JWT that is used by the JDBC driver in InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-52428 DESCRIPTION: Connect2id Nimbus-JOSE-JWT is vulnerable to a denial of service, caused by improper validation of user...
PT-2024-4819 · Ibm · Ibm Infosphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted sessio...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Google Guava (CVE-2023-2976)
Summary A vulnerability in Google Guava used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw with using Java's default temporary...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to OS command injection (CVE-2022-35717)
Summary An OS command injection vulnerability in InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2022-35717 DESCRIPTION: IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a...
IBM InfoSphere Information Server information disclosure vulnerability
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines (IBM). The platform can be used to integrate data information obtained from various sources. An information disclosure vulnerability exists in IBM InfoSphere Information Systems version 11....
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in VMware Tanzu Spring Security (CVE-2023-20862)
Summary A vulnerability in VMware Tanzu Spring Security used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-20862 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security restrictions, caused by the logout support feature...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in VMware Tanzu Spring Framework (CVE-2023-20863)
Summary A vulnerability in VMware Tanzu Spring Framework used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-20863 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially...
Security Bulletin: IBM InfoSphere Information Server is affected but not classified as vulnerable to a code execution vulnerability in Apache Kafka (CVE-2023-25194)
Summary A code execution vulnerability in Apache Kafka used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-25194 DESCRIPTION: Apache Kafka could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe...
Security Bulletin: Multiple vulnerabilities in Apache Ant affect IBM InfoSphere Information Server
Summary Multiple vulnerabilities in Apache Ant used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2021-36373 DESCRIPTION: Apache Ant is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By...
CVE-2022-41291
IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 236699...
CVE-2021-38952
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211408...
CVE-2022-22441
IBM InfoSphere Information Server 11.7 could allow an authenticated user to view information of higher privileged users and groups due to a privilege escalation vulnerability. IBM X-Force ID: 224426...
Security Bulletin: IBM InfoSphere DataStage Flow Designer is vulnerable due to improper certificate validation
Summary A vulnerability due to improper certificate validation in IBM InfoSphere DataStage Flow Designer was addressed. Vulnerability Details CVEID: CVE-2021-29737 DESCRIPTION: IBM InfoSphere Data Flow Designer Engine component has improper validation of the REST API server certificate. CVSS Base...
CVE-2021-29737
IBM InfoSphere Data Flow Designer Engine IBM InfoSphere Information Server 11.7 component has improper validation of the REST API server certificate. IBM X-Force ID: 201301...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Commons IO
Summary A vulnerability in Apache Commons IO that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the...
Security Bulletin: IBM InfoSphere DataStage is affected by an Information disclosure vulnerability
Summary An Information disclosure vulnerability in IBM InfoSphere DataStage was addressed. Vulnerability Details CVEID: CVE-2021-29747 DESCRIPTION: IBM InfoSphere Information Server could allow a remote attacker to obtain highly sensitive information due to a vulnerability in the authentication...
CVE-2020-4727
IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks again...
CVE-2020-4702
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...