Security Bulletin: IBM InfoSphere Information Server is vulnerable due to information exposure (CVE-2026-2484)

Summary An information exposure vulnerability was addressed in IBM InfoSphere Information Server. Vulnerability Details CVEID:CVE-2026-2484 DESCRIPTION: InfoSphere Information Server is affected by an information exposure vulnerability caused by overly verbose error messages. CWE:CWE-209:...

Security Bulletin: IBM InfoSphere Information Server is affected by a server-side request forgery (CVE-2025-12832)

Summary A server-side request forgery vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-12832 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send...

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Kubernetes ingress-nginx (CVE-2024-7646)

Summary A vulnerability in Kubernetes ingress-nginx that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-7646 DESCRIPTION: Kubernetes ingress-nginx could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an...

Security Bulletin: IBM InfoSphere Information Server is affected by a security vulnerability in Certifi python-certifi (CVE-2024-39689)

Summary A security vulnerability in Certifi python-certifi that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could provide weaker than expected security, caused by the use of GLOBALTRUST root certificate. An...

Security Bulletin: IBM InfoSphere Information Server containers are vulnerable to privilege escalation

Summary A privilege escalation vulnerability was addressed in IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2019-4185 DESCRIPTION: IBM InfoSphere Information Server containers are vulnerable to privilege escalation due to an insecurely configured component. CVSS Base Score:...

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Pallets Werkzeug (CVE-2023-46136)

Summary A vulnerability in Pallets Werkzeug used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-46136 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial of service, caused by a flaw when parsing multipart/form-data containing a large part with CR/LF...

Security Bulletin: IBM InfoSphere Information Server is affected by OpenSSL Vulnerability (CVE-2023-0464)

Summary A vulnerability in OpenSSL used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2023-0464 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error related to the verification of X.509 certificate chains that include policy constraints...

Security Bulletin: IBM InfoSphere Information Server is affected by a Sensitive data exposure vulnerability (CVE-2024-22352)

Summary A Sensitive data exposure vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-22352 DESCRIPTION: IBM InfoSphere Information Server stores potentially sensitive information in log files that could be read by a local user. CVSS Base score:...

Security Bulletin: IBM InfoSphere Information Server is affected by urllib3 vulnerability (CVE-2023-43804)

Summary A vulnerability in urllib3 used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw with cookie request header not stripped during...

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in snappy-java (CVE-2023-43642)

Summary A vulnerability in snappy-java used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By sending a specially crafted request, a...

Security Bulletin: IBM InfoSphere Information Server is affected by an information disclosure vulnerability (CVE-2023-35898)

Summary DataStage Flow Designer is an internal component of IBM InfoSphere Information Server. An information disclosure vulnerability in the DataStage Flow Designer was addressed. Vulnerability Details CVEID:CVE-2023-35898 DESCRIPTION: IBM InfoSphere Information Server could allow an authenticat...

Security Bulletin: IBM InfoSphere Information Server is affected but not classified as vulnerable to multiple vulnerabilities in jackson-databind ( CVE-2022-42004, CVE-2022-42003)

Summary Multiple vulnerabilities in jackson-databind used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2022-42004 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in in the...

Security Bulletin: IBM InfoSphere Information Server is vulnerable due to insecure storage of sensitive information (CVE-2023-22878)

Summary A vulnerability due to insecure storage of sensitive information was addressed in InfoSphere Information Server. Vulnerability Details CVEID:CVE-2023-22878 DESCRIPTION: IBM InfoSphere Information Server stores user credentials in plain clear text which can be read by a local user. CVSS Ba...

Security Bulletin: IBM InfoSphere Information Server is vulnerable to SQL injection (CVE-2022-47984)

Summary A SQL injection vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2022-47984 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the...

Security Bulletin: IBM InfoSphere Information Server is affected but not classified as vulnerable to a denial of service vulnerability in JXPath (CVE-2022-40161)

Summary IBM InfoSphere Information Server is affected but not classified as vulnerable to a denial of service vulnerability in JXPath. The CVE is addressed. Vulnerability Details CVEID:CVE-2022-40161 DESCRIPTION: JXPath is vulnerable to a denial of service, caused by a stack-based buffer overflow...

Security Bulletin: IBM InfoSphere Information Server is vulnerable to denial of service (CVE-2022-41733)

Summary A denial of service vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2022-41733 DESCRIPTION: IBM InfoSphere Information Server could allow a remote attacked to cause some of the components to be unusable until the process is restarted. CVSS...

Security Bulletin: IBM InfoSphere Information Server is affected by a denial of service vulnerability in moment.js (CVE-2022-31129)

Summary A denial of service vulnerability in moment.js used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: Moment is vulnerable to a denial of service, caused by inefficient regular expression complexity. By sending a specially-crafted...

Security Bulletin: A clickjacking vulnerability in WebSphere Application Server Liberty affects IBM InfoSphere Information Server

Summary A clickjacking vulnerability in WebSphere Application Server Liberty that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2021-39038 DESCRIPTION: IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through...

Security Bulletin: IBM InfoSphere Information Server is vulnerable to cross-site scripting (CVE-2022-22322)

Summary A cross-site scripting vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2022-22322 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in...

Security Bulletin: IBM InfoSphere Information Server is vulnerable to Information disclosure (CVE-2021-38887)

Summary An Information disclosure vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2021-38887 DESCRIPTION: IBM InfoSphere Information Server could allow an authenticated user to obtain sensitive information from application response requests that...