Infosphere Information Server Security Vulnerabilities and Issues — Page 4 of Infosphere Information Server CVE List

Lucene search

IbmInfosphere Information Server

176 matches found

CVE•added 2019/04/25 3:29 p.m.•33 views

CVE-2019-4238

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...

5.4CVSS5.2AI score0.00208EPSS

CVE•added 2021/01/26 6:15 p.m.•33 views

CVE-2020-27583

IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could allow remote unauthenticated attackers to execute arbitrary code. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

9.8CVSS9.6AI score0.04233EPSS

CVE•added 2020/11/13 3:15 p.m.•33 views

CVE-2020-4886

IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history that could be obtained by a user who has access to the same system. IBM X-Force ID: 190910.

4CVSS3.6AI score0.00048EPSS

CVE•added 2023/12/01 9:15 p.m.•33 views

CVE-2023-42019

IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161.

5.9CVSS5.6AI score0.00016EPSS

CVE•added 2017/02/01 8:59 p.m.•32 views

CVE-2016-5984

IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to cond...

6.1CVSS6AI score0.00206EPSS

CVE•added 2020/03/10 12:15 p.m.•32 views

CVE-2020-4162

IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 17...

5.4CVSS5.2AI score0.00314EPSS

CVE•added 2020/09/04 2:15 p.m.•32 views

CVE-2020-4632

IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to submit or control server requests. IBM X-Force ID: 185416.

6.5CVSS6.1AI score0.00123EPSS

CVE•added 2021/11/02 4:15 p.m.•32 views

CVE-2021-38948

IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 211402.

9.1CVSS8.8AI score0.00552EPSS

CVE•added 2023/12/01 8:15 p.m.•32 views

CVE-2023-38268

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260585.

8.8CVSS6.4AI score0.00038EPSS

CVE•added 2023/12/01 9:15 p.m.•32 views

CVE-2023-43021

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 266167.

5.3CVSS4.8AI score0.00043EPSS

CVE•added 2024/08/06 4:15 p.m.•32 views

CVE-2024-39751

4.3CVSS5.8AI score0.0009EPSS

CVE•added 2019/03/05 6:29 p.m.•31 views

CVE-2018-1899

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an attacker to change one of the settings related to InfoSphere Business Glossary Anywhere due to improper access control. IBM X-Force ID: 152528.

4.3CVSS4.4AI score0.00079EPSS

CVE•added 2021/11/02 4:15 p.m.•31 views

CVE-2021-29737

IBM InfoSphere Data Flow Designer Engine (IBM InfoSphere Information Server 11.7 ) component has improper validation of the REST API server certificate. IBM X-Force ID: 201301.

7.5CVSS7.3AI score0.00132EPSS

CVE•added 2013/10/13 10:20 a.m.•30 views

CVE-2013-4056

Cross-site request forgery (CSRF) vulnerability in the Data Quality Console and Information Analyzer components in IBM InfoSphere Information Server 8.7 through FP2 and 9.1 through 9.1.2.0 allows remote attackers to hijack the authentication of arbitrary users.

6.8CVSS7.2AI score0.00103EPSS

CVE•added 2020/09/04 2:15 p.m.•30 views

CVE-2020-4702

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 1871...

6.4CVSS5.3AI score0.00223EPSS

CVE•added 2020/10/12 2:15 p.m.•30 views

CVE-2020-4741

IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...

6.4CVSS5.1AI score0.0017EPSS

CVE•added 2017/02/08 10:59 p.m.•29 views

CVE-2015-7493

IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information.

4.7CVSS4.8AI score0.00053EPSS

CVE•added 2021/04/05 5:15 p.m.•29 views

CVE-2020-4997

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192914

5.4CVSS5.2AI score0.00143EPSS

CVE•added 2021/11/02 4:15 p.m.•29 views

CVE-2021-29875

IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information due to a insecure third party domain access vulnerability. IBM X-Force ID: 206572.

7.5CVSS7AI score0.00286EPSS

CVE•added 2021/11/02 4:15 p.m.•27 views

CVE-2021-29888

8.8CVSS8.4AI score0.00139EPSS

CVE•added 2021/11/10 3:15 p.m.•26 views

CVE-2021-38887

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests that could be used in further attacks against the system. IBM X-Force ID: 209401.

6.5CVSS5.9AI score0.00162EPSS

CVE•added 2025/05/15 9:15 p.m.•21 views

CVE-2025-1138

IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing.

4.3CVSS4.2AI score0.00039EPSS

CVE•added 2025/06/25 3:15 a.m.•8 views

CVE-2025-0966

IBM InfoSphere Information Server 11.7 vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.

7.6CVSS7.7AI score0.00104EPSS

CVE•added 2025/06/21 1:15 p.m.•8 views

CVE-2025-3221

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to cause a denial of service due to insufficient validation of incoming request resources.

7.5CVSS7.4AI score0.00125EPSS

CVE•added 2025/06/21 1:15 p.m.•7 views

CVE-2025-3629

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an authenticated user to delete another user's comments due to improper ownership management.

4.3CVSS4.4AI score0.00028EPSS

CVE•added 2025/06/26 4:15 p.m.•6 views

CVE-2025-36034

IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques.

5.3CVSS6.5AI score0.00011EPSS

Total number of security vulnerabilities176