11 matches found
Security Bulletin: IBM InfoSphere Information Server is affected by a denial of service vulnerability in Undertow (CVE-2024-6162)
Summary A denial of service vulnerability in Undertow that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-6162 DESCRIPTION: Undertow is vulnerable to a denial of service, caused by a flaw with URL-encoded request path information can be broken for...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Connect2id Nimbus-JOSE-JWT ( CVE-2023-52428)
Summary A vulnerability in Connect2id Nimbus-JOSE-JWT that is used by the JDBC driver in InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-52428 DESCRIPTION: Connect2id Nimbus-JOSE-JWT is vulnerable to a denial of service, caused by improper validation of user...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Google Guava (CVE-2023-2976)
Summary A vulnerability in Google Guava used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw with using Java's default temporary...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to OS command injection (CVE-2022-35717)
Summary An OS command injection vulnerability in InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2022-35717 DESCRIPTION: IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in VMware Tanzu Spring Security (CVE-2023-20862)
Summary A vulnerability in VMware Tanzu Spring Security used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-20862 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security restrictions, caused by the logout support feature...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in VMware Tanzu Spring Framework (CVE-2023-20863)
Summary A vulnerability in VMware Tanzu Spring Framework used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-20863 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially...
Security Bulletin: IBM InfoSphere Information Server is affected but not classified as vulnerable to a code execution vulnerability in Apache Kafka (CVE-2023-25194)
Summary A code execution vulnerability in Apache Kafka used byIBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-25194 DESCRIPTION: Apache Kafka could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe...
Security Bulletin: IBM InfoSphere DataStage Flow Designer is vulnerable due to improper certificate validation
Summary A vulnerability due to improper certificate validation in IBM InfoSphere DataStage Flow Designer was addressed. Vulnerability Details CVEID: CVE-2021-29737 DESCRIPTION: IBM InfoSphere Data Flow Designer Engine component has improper validation of the REST API server certificate. CVSS Base...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Commons IO
Summary A vulnerability in Apache Commons IO that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the...
Security Bulletin: IBM InfoSphere DataStage is affected by an Information disclosure vulnerability
Summary An Information disclosure vulnerability in IBM InfoSphere DataStage was addressed. Vulnerability Details CVEID: CVE-2021-29747 DESCRIPTION: IBM InfoSphere Information Server could allow a remote attacker to obtain highly sensitive information due to a vulnerability in the authentication...
CVE-2020-4162
IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...