23 matches found
MAL-2025-771 Malicious code in @infoserver/gov-shared-connections (npm)
Malicious code in @infoserver/gov-shared-ui (npm)
Source: ossf-package-analysis 5b54fde6a5995ffcf57ff5e926b8e0ddb11018b6a6107970a724342f83745df0 The OpenSSF Package Analysis project identified '@infoserver/gov-shared-ui' @ 21.2.15 npm as malicious. It is considered malicious because: - Th...
CVE-2023-42019
IBM InfoSphere Information Server 11.7 is vulnerable to a remote DoS due to improper input validation and failure to enable HTTP Strict Transport Security. Affects InfoSphere Information Server 11.7. Remediation per IBM bulletin includes upgrading to 11.7.1.0 or applying 11.7.1.4 service packs. E...
CVE-2023-40699
IBM InfoSphere Information Server 11.7 is affected by CVE-2023-40699 due to improper input validation, enabling a remote attacker to cause a denial of service. The issue is associated with network access and requires no privileges or user interaction. Per IBM advisory, affected products include I...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to cross-site request forgery (CVE-2023-38268)
Summary: A cross-site request forgery vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2023-38268. DESCRIPTION: IBM InfoSphere Information Server is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and...
CVE-2023-33857
The CVE-2023-33857 entry affects IBM InfoSphere Information Server 11.7. An information-disclosure vulnerability allows a remote attacker to obtain system information via a specially crafted query, potentially aiding further attacks. The IBM bulletin (VRMF 11.7) lists remediation options: upgrade...
CVE-2022-40747
"IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 236584."...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to OS command injection
Summary: An OS command injection vulnerability in InfoSphere Information Server was addressed. Vulnerability Details: IBM X-Force ID: 231361. DESCRIPTION: IBM InfoSphere Information Server could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially...
IBM InfoSphere Information Server code issue vulnerability
IBM InfoSphere Information Server is a data integration platform from International Business Machines Corporation (IBM) that can be used to integrate data from various sources. IBM InfoSphere Informati...
CVE-2022-31768
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to Information disclosure (CVE-2021-38887)
Summary: An information disclosure vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2021-38887. DESCRIPTION: IBM InfoSphere Information Server could allow an authenticated user to obtain sensitive information from application response requests that...
CVE-2021-29888
IBM InfoSphere Information Server 11.7 is vulnerable to Cross‑Site Request Forgery (CSRF). The root cause is CSRF permitting malicious actions transmitted from a trusted user. Remediation per IBM bulletin: upgrade to 11.7.1.0 or 11.7.1.3 (InfoSphere Information Server / Information Server on Clou...
CVE-2021-29888
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 207123...
CVE-2020-4286
IBM InfoSphere Information Server versions 11.3, 11.5, and 11.7 are affected by a cross-site request forgery (CSRF) vulnerability (CVE-2020-4286). The IBM bulletin notes that an attacker could leverage CSRF to perform unauthorized actions on behalf of a trusted user. Remediation: upgrade to 11.7....
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Jackson databind
Summary: Multiple vulnerabilities in Jackson databind that is used by IBM InfoSphere Information Server were addressed. Vulnerability Details: CVEID: CVE-2019-12384. DESCRIPTION: FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to...
CVE-2020-4384
CVE-2020-4384 affects IBM InfoSphere Information Server (and InfoSphere QualityStage) on versions 11.3, 11.5, and 11.7 with a cross-site scripting (XSS) vulnerability in the Web UI that can allow arbitrary JavaScript execution and potential credential disclosure within a trusted session. IBM’s se...
CVE-2019-4257
IBM InfoSphere Information Server 11.5 and 11.7 are affected by an information disclosure vulnerability. Sensitive information in an error message may be used to conduct further attacks against the system. IBM X-Force ID: 159945...
Information disclosure
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to access JSP files and disclose sensitive information. IBM X-Force ID: 152784...
CVE-2018-1518
CVE-2018-1518 affects IBM InfoSphere Information Server 11.7. The issue is a weak password encryption vulnerability that could allow a local user to obtain highly sensitive information. IBM lists CVSS Base Score 6.2, with a local attack vector and low complexity. Affected products include IBM Inf...
CVE-2017-1350
IBM InfoSphere Information Server is affected by CVE-2017-1350, a privilege escalation due to improper access controls in versions 9.1, 11.3, 11.5, and 11.7 (including InfoSphere Framework and InfoSphere on Cloud). The IBM security bulletin (BB7F1678...) states an attacker could escalate to admin...