224 matches found
CVE-2025-36034
IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques...
CVE-2025-36034
IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques...
CVE-2025-36034
IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques...
Security Bulletin: IBM InfoSphere DataStage Flow Designer is vulnerable due to cleartext transmission of sensitive information (CVE-2025-36034)
Summary A disclosure of sensitive information vulnerability in InfoSphere DataStage Flow Designer was addressed. Vulnerability Details CVEID:CVE-2025-36034 DESCRIPTION: IBM InfoSphere DataStage Flow Designer discloses sensitive user information in API requests in clear text that could be...
CVE-2025-36034 IBM InfoSphere DataStage Flow Designer information disclosure
IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques...
CVE-2025-36034 IBM InfoSphere DataStage Flow Designer information disclosure
IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques...
CVE-2025-36034
CVE-2025-36034 affects IBM InfoSphere DataStage Flow Designer within IBM InfoSphere Information Server 11.7. The issue causes cleartext transmission of sensitive user information in API requests, enabling potential disclosure via man-in-the-middle. The IBM security bulletin cites CWE-319 and list...
IBM InfoSphere DataStage Flow Designer 安全漏洞
IBM InfoSphere DataStage Flow Designer is a Web-based data stage flow designer from International Business Machines IBM. A security vulnerability exists in IBM InfoSphere DataStage Flow Designer that stems from the explicit transmission of sensitive information in API requests, which could lead t...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to regular expression denial of service due to the cross-spawn package (CVE-2024-21538)
Summary Cross-spawn is used by DataStage on Cloud Pak for Data as part of child process spawning. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due ...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to file descriptor exhaustion due to the Jetty package (CVE-2024-22201).
Summary Jetty is used by DataStage on Cloud Pak for Data as part of web server processing. Vulnerability Details CVEID:CVE-2024-22201 DESCRIPTION: Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. ...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to directory traversal due to the pip package (CVE-2019-20916)
Summary Pip is used by DataStage on Cloud Pak for Data as part of package management. Vulnerability Details CVEID:CVE-2019-20916 DESCRIPTION: The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to domain certificate spoofing due to the OkHostnameVerifier.java package ( CVE-2021-0341)
Summary OkHostnameVerifier.java is used by DataStage on Cloud Pak for Data as part of hostname verification. Vulnerability Details CVEID:CVE-2021-0341 DESCRIPTION: In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to exposure of sensitive data and authorization bypass due to the Apache ZooKeeper package (CVE-2024-23944, CVE-2023-44981)
Summary Apache ZooKeeper is used by DataStage on Cloud Pak for Data as part of configuration synchronization. Vulnerability Details CVEID:CVE-2024-23944 DESCRIPTION: Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monit...
Security Bulletin: IBM InfoSphere DataStage is vulnerable due to cleartext storage of sensitive information (CVE-2025-1499)
Summary A vulnerability due to cleartext storage of sensitive information in IBM InfoSphere DataStage was addressed. Vulnerability Details CVEID:CVE-2025-1499 DESCRIPTION: IBM InfoSphere DataStage stores credential information for database authentication in a cleartext parameter file that could b...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to security restriction bypass due to the Apache Maven package (CVE-2021-26291)
Summary Apache Maven is used by DataStage on Cloud Pak for Data as part of build management. Vulnerability Details CVEID:CVE-2021-26291 DESCRIPTION: Apache Maven could allow a remote attacker to bypass security restrictions, caused by the use of http non-SSL repository references by default. By...
CVE-2012-4818
IBM InfoSphere Information Server 8.1, 8.5, and 8,7 could allow a remote authenticated attacker to obtain sensitive information, caused by improper restrictions on directories. An attacker could exploit this vulnerability via the DataStage application to load or import content functionality to vi...
CVE-2011-3123
IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to an out of bounds write due to the FreeType package (CVE-2025-27363)
Summary FreeType is used by DataStage on Cloud Pak for Data as part of text processing functionality. Vulnerability Details CVEID:CVE-2025-27363 DESCRIPTION: An out of bounds write exists in FreeType versions 2.13.0 and below newer versions of FreeType are not vulnerable when attempting to parse...
IBM InfoSphere Information Server Multiple Vulnerabilities (April 2025)
The version of IBM InfoSphere Information Server installed on the remote host is 11.7.x prior or equal to 11.7.1.6. It is, therefore, potentially affected by multiple vulnerabilities: - IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to denial of service due to OpenSSL (CVE-2022-0778)
Summary OpenSSL is used by DataStage on Cloud Pak for Data as part of secure network communication. Vulnerability Details CVEID:CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the BNmodsqrt function when parsing certificates. By using a specially-craft...