Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to arbitrary code execution due to Apache Avro (CVE-2024-47561)

Summary Apache Avro is used by DataStage on Cloud Pak for Data as part of data serialization. Vulnerability Details CVEID:CVE-2024-47561 DESCRIPTION: Apache Avro could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in schema parsing in the Java SDK...

CVE-2025-25046

IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques...

CVE-2025-25046

IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques...

CVE-2025-25046

IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques...

Security Bulletin: IBM InfoSphere DataStage Flow Designer is vulnerable due to cleartext transmission of sensitive information (CVE-2025-25046)

Summary A sensitive information disclosure vulnerability in IBM InfoSphere DataStage Flow Designer was addressed. Vulnerability Details CVEID:CVE-2025-25046 DESCRIPTION: IBM InfoSphere DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an...

PT-2025-17675 · Ibm · Ibm Infosphere Information Server

Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue concerns the transmission of sensitive information via URL or query parameters, which could be exposed to an unauthorized actor using man-in-the-middle techniques...

Security Bulletin: IBM InfoSphere DataStage Flow Designer is affected by a path traversal vulnerability (CVE-2024-52363)

Summary A path traversal vulnerability in IBM InfoSphere DataStage Flow Designer was addressed. Vulnerability Details CVEID:CVE-2024-52363 DESCRIPTION: IBM InfoSphere Information Server could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted...

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to leaking sensitive information due to the ClassGraph package ( CVE-2021-47621 )

Summary ClassGraph is used by DataStage on Cloud Pak for Data as part of the path and module scanning functionality. Vulnerability Details CVEID:CVE-2021-47621 DESCRIPTION: ClassGraph could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity...

Security Bulletin: IBM InfoSphere Information Server is affected by a path traversal vulnerability (CVE-2023-24960)

Summary A path traversal vulnerability in InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-24960 DESCRIPTION: IBM InfoSphere Information Server could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL...

Security Bulletin: DataStage on Cloud Pak for Data Is Vulnerable to Sensitive Information Disclosure Error (CVE-2022-38714)

Summary A vulnerability in DataStage on Cloud Pak for Data had the potential of exposing database connection details database names, database user-id, database credential to authorized users with Cluster Admin role had they performed remote access to running datastage containers that was processi...

IBM InfoSphere Information Server and IBM InfoSphere DataStage Flow Designer Unspecified Vulnerability (CNVD-2025-05561)

IBM InfoSphere Information Server and IBM InfoSphere DataStage Flow Designer are both products of International Business Machines IBM.IBM InfoSphere Information Server is a data integration platform. The platform can be used to integrate data information obtained from various sources.IBM InfoSphe...

Security Bulletin: Vulnerabilities with DataStage on Cloud Pak for Data related to Apache hbase-client 2.4.15

Summary IBM has released the below fix for IBM DataStage on Cloud Pak for Data in response to multiple vulnerabilities found in components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2015-5237 DESCRIPTION: Google Protocol Buffers cou...

Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to denial of service due to the FasterXML jackson-databind package (CVE-2023-35116)

Summary Jackson-databind is used by IBM DataStage on Cloud Pak for Data as part of data processing. Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based overflow. By persuading a victim to open a specially...

Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to unlimited data accumulation due to the Netty package ( CVE-2024-29025)

Summary Netty is used by IBM DataStage on Cloud Pak for Data as part of server processing. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients...

Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to HTTP header injection due to the Django package (CVE-2021-32052)

Summary Django is used by IBM DataStage on Cloud Pak for Data as part of server processing. Vulnerability Details CVEID:CVE-2021-32052 DESCRIPTION: Django is vulnerable to HTTP header injection, caused by improper validation of input in URLValidator. By persuading a victim to visit a...

Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to denial of service due to the FasterXML Jackson Core package (PRISMA-2023-0067)

Summary Jackson is used by IBM DataStage on Cloud Pak for Data for JSON parsing. Vulnerability Details IBM X-Force ID: 256137 DESCRIPTION: FasterXML Jackson Core is vulnerable to a denial of service, caused by improper input validation by the StreamReadConstraints value field. By sending a...

Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to a phishing attack due to the ExpressJS package (CVE-2024-29041)

Summary ExpressJS is used by IBM DataStage on Cloud Pak for Data as part of the web application framework. Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker...

Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to authentication and command execution issues due to the Eclipse Jetty package (CVE-2023-36479, CVE-2023-40167, CVE-2023-41900)

Summary Eclipse Jetty is used by IBM DataStage on Cloud Pak for Data as part of web server functionality. Vulnerability Details CVEID:CVE-2023-36479 DESCRIPTION: Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific...

Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to denial of service due to GNOME GLib (CVE-2023-32636)

Summary GNOME GLib is used by IBM DataStage on Cloud Pak for Data as part of the data handling functionality. Vulnerability Details CVEID:CVE-2023-32636 DESCRIPTION: GNOME GLib is vulnerable to a denial of service, caused by a flaw in the fuzzvarianttext function. By sending a specially crafted...

Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to denial of service due to the FasterXML jackson-databind package (CVE-2023-35116)

Summary Jackson-databind is used by IBM DataStage on Cloud Pak for Data as part of data processing. Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based overflow. By persuading a victim to open a specially...