CVE-2023-50952
IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 275774...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to cross-site scripting (CVE-2023-50964)
Summary: A cross-site scripting vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2023-50964. DESCRIPTION: IBM InfoSphere Information Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in t...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in VMware Tanzu Spring Framework [CVE-2023-20861, CVE-2023-20860]
Summary: Multiple vulnerabilities in VMware Tanzu Spring Framework used by InfoSphere Information Server were addressed (CVE-2023-20861, CVE-2023-20860). Vulnerability Details: CVEID: CVE-2023-20861. DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a specially...
Information disclosure
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain system information using a specially crafted query that could aid in further attacks against the system. IBM X-Force ID: 257695...
CVE-2023-22878
CVE-2023-22878 affects IBM InfoSphere Information Server 11.7, where user credentials are stored in plaintext readable by a local user. Root cause: insecure storage of sensitive information. Impact: potential information disclosure to local attackers. Remediation: apply IBM fixes for 11.7, specif...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Commons FileUpload (CVE-2023-24998)
Summary: A vulnerability in Apache Commons FileUpload used by InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2023-24998. DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limiting the number of request parts to be...
Security Bulletin: IBM InfoSphere Information Server is affected by a remote code execution vulnerability in Apache Commons Text (CVE-2022-42889)
Summary: A remote code execution vulnerability in Apache Commons Text used by IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2022-42889. DESCRIPTION: Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure...
Security Bulletin: IBM InfoSphere Information Server is affected but not classified as vulnerable to a denial of service vulnerability in NumPy (CVE-2021-34141)
Summary: A denial of service vulnerability in NumPy used by IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2021-34141. DESCRIPTION: NumPy is vulnerable to a denial of service, caused by incomplete string comparison in the numpy.core component. By sending a...
CVE-2022-25331
Uncaught exceptions that can be generated in Trend Micro ServerProtection 6.0/5.8 Information Server could allow a remote attacker to crash the process...
Unspecified Vulnerability in IBM InfoSphere Information Server
IBM InfoSphere Information Server is a set of data integration platforms from IBM in the United States. The platform can be used to integrate data information obtained from various sources. A security vulnerability exists in IBM InfoSphere Information Server, which can be exploited by attackers t...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in XStream
Summary: Multiple vulnerabilities in XStream that is used by IBM InfoSphere Information Server were addressed. Vulnerability Details: CVEID: CVE-2021-21342. DESCRIPTION: XStream is vulnerable to server-side request forgery, caused by a flaw when processing stream at unmarshalling time. By manipulati...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache httpclient
Summary: A vulnerability in Apache httpclient used by IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2020-13956. DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority...
CVE-2020-4162
CVE-2020-4162 affects IBM InfoSphere Information Server (11.5 and 11.7). The vulnerability is a cross-site scripting flaw in the Web UI that can let an attacker inject arbitrary JavaScript, potentially exposing credentials in a trusted session. Affected products include InfoSphere Information Gov...
Security Bulletin: Vulnerability in Apache Xerces-C XML parser, including XML4C affects IBM InfoSphere Information Server (CVE-2016-0729)
Summary: Open Source Xerces-C XML parser vulnerability affects IBM InfoSphere Information Server. Vulnerability Details: CVEID: CVE-2016-0729. DESCRIPTION: Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by improper bounds checking during processing and error reportin...
CVE-2016-0280
Cross-site scripting (XSS) vulnerability in IBM Information Server Framework 8.5, Information Server Framework and InfoSphere Information Server Business Glossary 8.7 before FP2, Information Server Framework and InfoSphere Information Server Business Glossary 9.1 before 9.1.2.0, Information Server...
Information disclosure
Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 and InfoSphere Business Glossary 8.1.1 and 8.1.2 does not have an off autocomplete attribute for the password field on the login page, which makes it easier for remote attackers to obtain access b...
CVE-2012-0228
Invensys Wonderware Information Server 4.0 SP1 and 4.5 does not properly implement client controls, which allows remote attackers to bypass intended access restrictions via unspecified vectors...
CVE-2011-3124
IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix/Linux (as used in IBM InfoSphere DataStage 8.5/8.5.0.1) is affected by CVE-2011-3124, which assigns incorrect ownership to unspecified files, enabling local privilege escalation. The Red Hat/NVD entries confirm the affected product, but do...