17 matches found
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Pallets Werkzeug (CVE-2023-46136)
Summary A vulnerability in Pallets Werkzeug used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-46136 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial of service, caused by a flaw when parsing multipart/form-data containing a large part with CR/LF...
Security Bulletin: IBM InfoSphere Information Server is affected by OpenSSL Vulnerability (CVE-2023-0464)
Summary A vulnerability in OpenSSL used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-0464 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error related to the verification of X.509 certificate chains that include policy constraints...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in OpenSSL
Summary Multiple vulnerabilities in OpenSSL used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2023-0466 DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused by a flaw in the X509_VERIFY_PARAM_add0_policy function. By using...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to cross-site scripting (CVE-2023-50303)
Summary A cross-site scripting vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-50303 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in t...
Security Bulletin: IBM InfoSphere Information Server is affected by urllib3 vulnerability (CVE-2023-43804)
Summary A vulnerability in urllib3 used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw with cookie request header not stripped during...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in snappy-java (CVE-2023-43642)
Summary A vulnerability in snappy-java used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By sending a specially crafted request, a...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in snappy-java
Summary Multiple vulnerabilities in snappy-java used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2023-34455 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by the use of an unchecked chunk length in the hasNextChunk function. By sendi...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to cross-site scripting (CVE-2023-42022)
Summary A cross-site scripting vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-42022 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in t...
Security Bulletin: IBM InfoSphere Information Server is affected by an information disclosure vulnerability (CVE-2023-35898)
Summary DataStage Flow Designer is an internal component of IBM InfoSphere Information Server. An information disclosure vulnerability in the DataStage Flow Designer was addressed. Vulnerability Details CVEID:CVE-2023-35898 DESCRIPTION: IBM InfoSphere Information Server could allow an authenticat...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Hive (CVE-2021-34538)
Summary A vulnerability in Apache Hive used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2021-34538 DESCRIPTION: Apache Hive could allow a remote attacker to bypass security restrictions, caused by improper authorization validation by the CREATE and DROP functio...
Security Bulletin: IBM InfoSphere Information Server is affected but not classified as vulnerable to multiple vulnerabilities in jackson-databind (CVE-2022-42004, CVE-2022-42003)
Summary Multiple vulnerabilities in jackson-databind used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2022-42004 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the...
Security Bulletin: IBM InfoSphere Information Server is vulnerable due to insecure storage of sensitive information (CVE-2023-22878)
Summary A vulnerability due to insecure storage of sensitive information was addressed in InfoSphere Information Server. Vulnerability Details CVEID:CVE-2023-22878 DESCRIPTION: IBM InfoSphere Information Server stores user credentials in plain clear text which can be read by a local user. CVSS Ba...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to SQL injection (CVE-2022-47984)
Summary A SQL injection vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2022-47984 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the...
Security Bulletin: IBM InfoSphere Information Server is affected but not classified as vulnerable to a denial of service vulnerability in JXPath (CVE-2022-40161)
Summary IBM InfoSphere Information Server is affected but not classified as vulnerable to a denial of service vulnerability in JXPath. The CVE is addressed. Vulnerability Details CVEID:CVE-2022-40161 DESCRIPTION: JXPath is vulnerable to a denial of service, caused by a stack-based buffer overflow...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to denial of service (CVE-2022-41733)
Summary A denial of service vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2022-41733 DESCRIPTION: IBM InfoSphere Information Server could allow a remote attacker to cause some of the components to be unusable until the process is restarted. CVSS...
Security Bulletin: IBM InfoSphere Information Server is affected by a denial of service vulnerability in moment.js (CVE-2022-31129)
Summary A denial of service vulnerability in moment.js used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: Moment is vulnerable to a denial of service, caused by inefficient regular expression complexity. By sending a specially-crafted...
Security Bulletin: A clickjacking vulnerability in WebSphere Application Server Liberty affects IBM InfoSphere Information Server
Summary A clickjacking vulnerability in WebSphere Application Server Liberty that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2021-39038 DESCRIPTION: IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through...