IBM InfoSphere Information Server

176 matches found

added 2020/09/25 5:15 p.m., 41 views

CVE-2020-4727

IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against...

6.1 CVSS | 6.2 AI score | 0.00181 EPSS

added 2018/06/05 3:29 p.m., 40 views

CVE-2018-1454

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniq...

5.9 CVSS | 5.3 AI score | 0.00325 EPSS

added 2019/02/15 8:29 p.m., 40 views

CVE-2018-1727

IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147630.

9.1 CVSS | 8.8 AI score | 0.00416 EPSS

added 2019/04/02 2:29 p.m., 40 views

CVE-2018-1917

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to access JSP files and disclose sensitive information. IBM X-Force ID: 152784.

6.5 CVSS | 6.1 AI score | 0.0038 EPSS

added 2020/05/19 2:15 p.m., 40 views

CVE-2020-4298

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...

5.4 CVSS | 5.2 AI score | 0.00179 EPSS

added 2022/06/06 7:15 p.m., 40 views

CVE-2022-31768

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

9.8 CVSS | 9.5 AI score | 0.00111 EPSS

added 2023/05/19 4:15 p.m., 40 views

CVE-2022-47984

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 243163.

9.8 CVSS | 7.9 AI score | 0.00058 EPSS

added 2013/01/31 12:06 p.m., 39 views

CVE-2012-0702

Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly determine authorization, which allows remote authenticated users to gain privileges via unspecified vectors.

4 CVSS | 6.4 AI score | 0.00146 EPSS

added 2020/02/05 4:15 p.m., 39 views

CVE-2013-0507

IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1 has a Session Fixation Vulnerability.

8.1 CVSS | 7.8 AI score | 0.00232 EPSS

added 2014/03/16 2:06 p.m., 39 views

CVE-2013-4057

Cross-site request forgery (CSRF) vulnerability in the XML Pack in IBM InfoSphere Information Server 8.5.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allows remote attackers to hijack the authentication of arbitrary users.

6.8 CVSS | 7.2 AI score | 0.00211 EPSS

added 2017/08/14 10:29 p.m., 39 views

CVE-2017-1469

IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-Force ID: 128468.

7.8 CVSS | 7.4 AI score | 0.00099 EPSS

added 2023/05/19 4:15 p.m., 39 views

CVE-2023-22878

IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 244373.

6.2 CVSS | 5.3 AI score | 0.0001 EPSS

added 2024/12/11 1:15 p.m., 39 views

CVE-2024-51460

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system.

4.3 CVSS | 6 AI score | 0.00056 EPSS

added 2024/12/12 4:15 p.m., 39 views

CVE-2024-52901

IBM InfoSphere Information Server 11.7 could allow an authenticated user to cause the GUI to not load or stop working due to improper input validation.

6.5 CVSS | 6.3 AI score | 0.00092 EPSS

added 2013/01/31 12:06 p.m., 38 views

CVE-2012-0703

Open redirect vulnerability in Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

5.8 CVSS | 6.7 AI score | 0.00201 EPSS

added 2013/01/31 12:06 p.m., 38 views

CVE-2012-4819

Cross-site scripting (XSS) vulnerability in InfoSphere Business Glossary 8.1.1 and 8.1.2, InfoSphere DataStage Operation Console, InfoSphere Administration, and Reporting and Repository Management Web Console in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers ...

4.3 CVSS | 5.7 AI score | 0.00236 EPSS

added 2016/03/03 10:59 p.m., 38 views

CVE-2015-7490

IBM InfoSphere Information Server 8.5 through FP3, 8.7 through FP2, 9.1 through 9.1.2.0, 11.3 through 11.3.1.2, and 11.5 allows remote authenticated users to bypass intended access restrictions via a modified cookie.

3.5 CVSS | 4.8 AI score | 0.00128 EPSS

added 2017/07/12 5:29 p.m., 38 views

CVE-2017-1321

IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ...

6.1 CVSS | 5.8 AI score | 0.00282 EPSS

added 2018/10/18 4:00 p.m., 38 views

CVE-2018-1518

IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that could allow a local user to obtain highly sensitive information. IBM X-Force ID: 141682.

6.2 CVSS | 5.2 AI score | 0.00011 EPSS

added 2022/11/03 8:15 p.m., 38 views

CVE-2022-35717

IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 231361.

7.8 CVSS | 7.7 AI score | 0.00101 EPSS

added 2023/12/01 9:15 p.m., 38 views

CVE-2023-42009

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265504.

5.4 CVSS | 5.2 AI score | 0.00074 EPSS

added 2019/04/10 3:29 p.m., 37 views

CVE-2018-1994

IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 154494.

9.8 CVSS | 9.2 AI score | 0.00358 EPSS

added 2023/08/28 1:15 a.m., 37 views

CVE-2023-24959

IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. IBM X-Force ID: 246332.

7.5 CVSS | 6 AI score | 0.00046 EPSS

added 2023/12/01 9:15 p.m., 37 views

CVE-2023-42022

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265938.

5.4 CVSS | 5.2 AI score | 0.0006 EPSS

added 2023/12/01 8:15 p.m., 37 views

CVE-2023-43015

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266064.

5.4 CVSS | 5.2 AI score | 0.0006 EPSS

added 2011/08/10 8:55 p.m., 36 views

CVE-2011-3124

IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, assigns incorrect ownership to unspecified files, which allows local users to gain privileges via unknown vectors.

7.2 CVSS | 6.5 AI score | 0.00048 EPSS

added 2013/04/01 7:55 p.m., 36 views

CVE-2013-0502

Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server 8.1, 8.5 through FP3, 8.7 through FP2, and 9.1 allows remote attackers to inject arbitrary web script or HTML via a malformed URL.

4.3 CVSS | 5.7 AI score | 0.00266 EPSS

added 2013/08/16 1:55 a.m., 36 views

CVE-2013-3040

IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 produces login-failure messages indicating whether the username or password is incorrect, which allows remote attackers to enumerate user accounts via a brute-force attack.

5 CVSS | 6.8 AI score | 0.00254 EPSS

added 2014/03/16 2:06 p.m., 36 views

CVE-2013-4059

Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified interfaces.

4.3 CVSS | 5.7 AI score | 0.00427 EPSS

added 2015/06/28 2:59 p.m., 36 views

CVE-2015-1901

The installer in IBM InfoSphere Information Server 8.5 through 11.3 before 11.3.1.2 allows local users to obtain sensitive information via unspecified commands.

1.9 CVSS | 5.7 AI score | 0.00055 EPSS

added 2015/11/04 3:59 a.m., 36 views

CVE-2015-5021

IBM InfoSphere Information Server 11.3 and 11.5 allows remote authenticated DataStage users to bypass intended job-execution restrictions or obtain sensitive information via unspecified vectors.

5.5 CVSS | 5.8 AI score | 0.00254 EPSS

added 2019/02/15 8:29 p.m., 36 views

CVE-2018-1895

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...

5.4 CVSS | 5.2 AI score | 0.00158 EPSS

added 2019/04/02 2:29 p.m., 36 views

CVE-2018-1906

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to download code using a specially crafted HTTP request. IBM X-Force ID: 152663.

6.5 CVSS | 6.3 AI score | 0.0039 EPSS

added 2020/04/16 4:15 p.m., 36 views

CVE-2020-4347

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subject to attacks based on privilege escalation due to inappropriate file permissions for files used by WebSphere Application Server Network Deployment. IBM X-Force ID: 178412.

7.5 CVSS | 7.2 AI score | 0.00163 EPSS

added 2021/11/02 4:15 p.m., 36 views

CVE-2021-29771

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

5.4 CVSS | 5.2 AI score | 0.00287 EPSS

added 2023/08/28 1:15 a.m., 36 views

CVE-2023-22877

IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 244368.

8.8 CVSS | 8.1 AI score | 0.00176 EPSS

added 2023/08/28 1:15 a.m., 36 views

CVE-2023-23473

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 245400.

8.8 CVSS | 6.8 AI score | 0.00037 EPSS

added 2024/07/24 6:15 p.m., 36 views

CVE-2024-37533

IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. IBM X-Force ID: 294727.

4.6 CVSS | 2.9 AI score | 0.00044 EPSS

added 2009/12/09 7:30 p.m., 35 views

CVE-2009-4240

Multiple buffer overflows in unspecified setuid executables in the DataStage subsystem in IBM InfoSphere Information Server 8.1 before FP1 have unknown impact and attack vectors.

10 CVSS | 6.6 AI score | 0.01371 EPSS

added 2013/12/18 4:04 p.m., 35 views

CVE-2013-5440

IBM InfoSphere Information Server 8.0, 8.1, 8.5, 8.7, and 9.1 allows local users to obtain sensitive information in opportunistic circumstances by leveraging the presence of file content after a failed installation.

2.1 CVSS | 5.7 AI score | 0.00054 EPSS

added 2015/05/25 2:59 p.m., 35 views

CVE-2015-0180

The Connector Migration Tool in IBM InfoSphere Information Server 8.1 through 11.3 allows remote authenticated users to bypass intended restrictions on job creation and modification via unspecified vectors.

5.5 CVSS | 6.1 AI score | 0.00135 EPSS

added 2020/05/19 2:15 p.m., 35 views

CVE-2020-4286

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176268.

6.5 CVSS | 6.4 AI score | 0.0009 EPSS

added 2020/05/06 2:15 p.m., 35 views

CVE-2020-4384

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...

5.4 CVSS | 5.2 AI score | 0.00179 EPSS

added 2021/11/02 4:15 p.m., 35 views

CVE-2021-29738

IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 11.7) is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Fo...

5.5 CVSS | 5.3 AI score | 0.00162 EPSS

added 2013/03/20 2:55 p.m., 34 views

CVE-2012-5938

The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to bypass intended access restrictions via standard filesystem operations.

7.2 CVSS | 6.4 AI score | 0.00036 EPSS

added 2014/07/26 11:11 a.m., 34 views

CVE-2014-3071

Cross-site scripting (XSS) vulnerability in the Data Quality Console in IBM InfoSphere Information Server 11.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL for adding a project connection.

4.3 CVSS | 5.7 AI score | 0.00321 EPSS

added 2018/03/12 9:29 p.m., 34 views

CVE-2016-0250

XML external entity (XXE) vulnerability in IBM InfoSphere Information Governance Catalog 11.3 before 11.3.1.2 and 11.5 before 11.5.0.1 allows remote authenticated users to read arbitrary files or cause a denial of service via crafted XML data. IBM X-Force ID: 110510.

5.5 CVSS | 5.3 AI score | 0.00256 EPSS

added 2020/10/12 2:15 p.m., 34 views

CVE-2020-4740

IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 188150.

5.2 CVSS | 5.5 AI score | 0.00103 EPSS

added 2013/08/16 1:55 a.m., 33 views

CVE-2013-0585

Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to the (1) web console and (2) repository management user interfaces.

3.5 CVSS | 5.2 AI score | 0.00166 EPSS

added 2013/10/02 10:55 p.m., 33 views

CVE-2013-4067

IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to hijack sessions and read cookie values, or conduct phishing attacks to capture credentials, via unspecified vectors.

5.8 CVSS | 6.6 AI score | 0.00246 EPSS

Total number of security vulnerabilities: 176