1652 matches found
CVE-2026-2485 IBM InfoSphere Information Server Cross-Site Scripting
IBM Infosphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
CVE-2026-2485
IBM Infosphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
CVE-2025-14974 IBM InfoSphere Information Server is vulnerable due to Insecure Direct Object Reference
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference IDOR...
CVE-2025-14974
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference IDOR...
CVE-2025-14974 IBM InfoSphere Information Server is vulnerable due to Insecure Direct Object Reference
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference IDOR...
CVE-2025-14974
CVE-2025-14974 affects IBM InfoSphere Information Server 11.7.0.0–11.7.1.6 and is caused by insecure direct object reference (IDOR). Potential impact: unauthorized access to protected objects with high confidentiality impact as per sources. Affected versions and remediation are documented in IBM’...
CVE-2026-1262
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability...
CVE-2026-1262 IBM InfoSphere Information Server Information Disclosure
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability...
CVE-2026-1262
IBM InfoSphere Information Server versions 11.7.0.0–11.7.1.6 are affected by an information disclosure vulnerability (CVE-2026-1262). The IBM bulletin attributes the issue to CWE-209 (generation of error messages containing sensitive information) and lists a CVSS v3.1 base score of 4.3 (AV:N/AC:L...
CVE-2026-1262 IBM InfoSphere Information Server Information Disclosure
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability...
CVE-2025-14790
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due to insufficiently protected credentials...
CVE-2025-14912 IBM InfoSphere Information Server is vulnerable to server-side request forgery
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
CVE-2025-14912
IBM InfoSphere Information Server (versions 11.7.0.0–11.7.1.6) is affected by CVE-2025-14912, a server-side request forgery (SSRF) vulnerability. An authenticated attacker could cause the server to send unauthorized outbound requests, enabling network enumeration or related attacks. Remediation i...
CVE-2025-14912
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
CVE-2025-14912 IBM InfoSphere Information Server is vulnerable to server-side request forgery
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
CVE-2025-14810
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified which could allow an authenticated user to retain access to sensitive information. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CWE: CWE-613: Insufficient Session Expirati...
CVE-2025-14810 IBM InfoSphere Information Server is vulnerable due to insufficient session expiration
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified which could allow an authenticated user to retain access to sensitive information. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CWE: CWE-613: Insufficient Session Expirati...
CVE-2025-14810 IBM InfoSphere Information Server is vulnerable due to insufficient session expiration
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified which could allow an authenticated user to retain access to sensitive information. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CWE: CWE-613: Insufficient Session Expirati...
CVE-2025-14810
The CVE-2025-14810 issue affects IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6. The root cause is that the product does not invalidate a user session after privileges are modified, which could allow an authenticated user to retain access to sensitive information. Multiple c...
CVE-2025-14808
Summary: CVE-2025-14808 affects IBM InfoSphere Information Server 11.7.0.0–11.7.1.6. The issue allows information disclosure by reading sensitive data from the query string of an HTTP GET request, potentially exploitable via man‑in‑the‑middle techniques. The root cause is disclosure through the q...