3131 matches found
CVE-2026-2485
IBM Infosphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
CVE-2025-14974 IBM InfoSphere Information Server is vulnerable due to Insecure Direct Object Reference
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference IDOR...
CVE-2025-14974 IBM InfoSphere Information Server is vulnerable due to Insecure Direct Object Reference
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference IDOR...
CVE-2025-14974
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference IDOR...
CVE-2025-14974
CVE-2025-14974 affects IBM InfoSphere Information Server 11.7.0.0–11.7.1.6 and is caused by insecure direct object reference (IDOR). Potential impact: unauthorized access to protected objects with high confidentiality impact as per sources. Affected versions and remediation are documented in IBM’...
CVE-2026-1262 IBM InfoSphere Information Server Information Disclosure
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability...
CVE-2026-1262
IBM InfoSphere Information Server versions 11.7.0.0–11.7.1.6 are affected by an information disclosure vulnerability (CVE-2026-1262). The IBM bulletin attributes the issue to CWE-209 (generation of error messages containing sensitive information) and lists a CVSS v3.1 base score of 4.3 (AV:N/AC:L...
CVE-2025-14912 IBM InfoSphere Information Server is vulnerable to server-side request forgery
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
CVE-2025-14912
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
CVE-2025-14912 IBM InfoSphere Information Server is vulnerable to server-side request forgery
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
CVE-2025-14810
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified which could allow an authenticated user to retain access to sensitive information. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CWE: CWE-613: Insufficient Session Expirati...
CVE-2025-14810
The CVE-2025-14810 issue affects IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6. The root cause is that the product does not invalidate a user session after privileges are modified, which could allow an authenticated user to retain access to sensitive information. Multiple c...
CVE-2025-14810 IBM InfoSphere Information Server is vulnerable due to insufficient session expiration
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified which could allow an authenticated user to retain access to sensitive information. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CWE: CWE-613: Insufficient Session Expirati...
CVE-2025-14808 IBM InfoSphere Information Server is vulnerable due to disclosure of sensitive information
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques...
CVE-2025-14808
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques...
CVE-2025-14790
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due to insufficiently protected credentials...
CVE-2025-14790 IBM InfoSphere Information Server is vulnerable to disclosure of sensitive information
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due to insufficiently protected credentials...
CVE-2025-14790 IBM InfoSphere Information Server is vulnerable to disclosure of sensitive information
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due to insufficiently protected credentials...
CVE-2025-14790
CVE-2025-14790 affects IBM InfoSphere Information Server 11.7.0.0–11.7.1.6, with information disclosure caused by insufficiently protected credentials. The CVSS v3.1 base score is 6.5 (Network attack, low attack complexity, user interaction none, privileges required low). Connected sources corrob...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to HTTP header injection (CVE-2025-14807)
Summary A HTTP header injection vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-14807 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This coul...