Infosphere Information Server@11.7 Security Vulnerabilities and Issues — Infosphere Information Server@11.7 CVE List

Lucene search

IbmInfosphere Information Server11.7

126 matches found

CVE•added 2023/04/29 3:15 p.m.•215 views

CVE-2023-30441

IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188.

7.5CVSS7.4AI score0.00035EPSS

CVE•added 2019/06/06 9:29 p.m.•191 views

CVE-2019-4257

IBM InfoSphere Information Server 11.5 and 11.7 is affected by an information disclosure vulnerability. Sensitive information in an error message may be used to conduct further attacks against the system. IBM X-Force ID: 159945.

4.3CVSS4.2AI score0.00156EPSS

CVE•added 2024/02/28 1:15 a.m.•89 views

CVE-2023-50303

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 273333.

6.1CVSS5.8AI score0.00074EPSS

CVE•added 2022/04/28 4:15 p.m.•75 views

CVE-2022-22441

IBM InfoSphere Information Server 11.7 could allow an authenticated user to view information of higher privileged users and groups due to a privilege escalation vulnerability. IBM X-Force ID: 224426.

6.5CVSS6.2AI score0.00186EPSS

CVE•added 2021/07/09 5:15 p.m.•74 views

CVE-2021-29730

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 201164.

8.8CVSS8.6AI score0.00268EPSS

CVE•added 2023/11/18 6:15 p.m.•74 views

CVE-2023-40363

IBM InfoSphere Information Server 11.7 could allow an authenticated user to change installation files due to incorrect file permission settings. IBM X-Force ID: 263332.

8.1CVSS6.9AI score0.00037EPSS

CVE•added 2022/07/01 6:15 p.m.•71 views

CVE-2022-22373

An improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs may lead to creation of directories and files on the server file system that may contain non-sensitive debugging information like stack traces. IBM X-Force ID: 221323.

5.5CVSS5.2AI score0.00204EPSS

CVE•added 2024/06/30 6:15 p.m.•67 views

CVE-2024-31898

IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. IBM X-Force ID: 288182.

5.4CVSS5.2AI score0.00074EPSS

CVE•added 2021/05/21 6:15 p.m.•66 views

CVE-2021-29681

IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information by injecting parameters into an HTML query. This information could be used in further attacks against the system. IBM X-Force ID: 199918.

5.3CVSS4.7AI score0.00188EPSS

CVE•added 2021/07/09 5:15 p.m.•66 views

CVE-2021-29712

6.1CVSS5.8AI score0.00149EPSS

CVE•added 2022/05/10 4:15 p.m.•66 views

CVE-2022-22454

IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

7.8CVSS7.7AI score0.00089EPSS

CVE•added 2022/11/03 8:15 p.m.•66 views

CVE-2022-35642

"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227592."

5.4CVSS5.2AI score0.00162EPSS

CVE•added 2024/06/30 5:15 p.m.•66 views

CVE-2024-31902

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 289234.

8.8CVSS5.1AI score0.00016EPSS

CVE•added 2024/06/30 7:15 p.m.•65 views

CVE-2024-28794

5.4CVSS5.2AI score0.00119EPSS

CVE•added 2023/02/21 2:15 p.m.•64 views

CVE-2023-25928

5.4CVSS4.8AI score0.00112EPSS

CVE•added 2022/11/03 8:15 p.m.•63 views

CVE-2022-40235

"IBM InfoSphere Information Server 11.7 could allow a user to cause a denial of service by removing the ability to run jobs due to improper input validation. IBM X-Force ID: 235725."

6.5CVSS6.2AI score0.00077EPSS

CVE•added 2024/02/21 3:15 p.m.•63 views

CVE-2023-50955

IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. IBM X-Force ID: 275777.

2.7CVSS3.5AI score0.00211EPSS

CVE•added 2019/06/17 3:15 p.m.•62 views

CVE-2018-1845

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150905.

7.1CVSS6.8AI score0.00456EPSS

CVE•added 2024/06/30 5:15 p.m.•62 views

CVE-2024-28798

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 2871...

7.2CVSS5.8AI score0.00117EPSS

CVE•added 2024/06/30 7:15 p.m.•61 views

CVE-2023-50964

5.4CVSS5.2AI score0.00042EPSS

CVE•added 2024/07/12 6:15 p.m.•61 views

CVE-2024-40690

IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 297720.

5.4CVSS5.2AI score0.00155EPSS

CVE•added 2022/04/28 4:15 p.m.•59 views

CVE-2022-22427

6.1CVSS5.8AI score0.00191EPSS

CVE•added 2022/11/03 8:15 p.m.•58 views

CVE-2022-30608

"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a "user that the website trusts. IBM X-Force ID: 227295.

8.8CVSS8.4AI score0.00056EPSS

CVE•added 2022/04/28 4:15 p.m.•57 views

CVE-2022-22443

5.4CVSS5.2AI score0.00215EPSS

CVE•added 2022/11/03 8:15 p.m.•57 views

CVE-2022-30615

5.4CVSS5.2AI score0.00162EPSS

CVE•added 2022/09/23 6:15 p.m.•57 views

CVE-2022-40748

5.4CVSS5.2AI score0.00141EPSS

CVE•added 2024/06/30 6:15 p.m.•57 views

CVE-2023-50953

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. IBM X-Force ID: 275775.

5.4CVSS4.5AI score0.00055EPSS

CVE•added 2025/03/29 1:15 p.m.•57 views

CVE-2024-55895

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

5.3CVSS6.4AI score0.00042EPSS

CVE•added 2024/12/19 12:15 a.m.•56 views

CVE-2021-29827

IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against...

5.2CVSS5.2AI score0.00061EPSS

CVE•added 2022/04/28 4:15 p.m.•56 views

CVE-2021-38952

5.4CVSS5.2AI score0.00215EPSS

CVE•added 2024/12/11 1:15 p.m.•56 views

CVE-2023-23472

IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.

6.5CVSS5.7AI score0.00071EPSS

CVE•added 2023/07/17 12:15 a.m.•56 views

CVE-2023-33857

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain system information using a specially crafted query that could aid in further attacks against the system. IBM X-Force ID: 257695.

5.3CVSS4.9AI score0.00052EPSS

CVE•added 2025/04/23 11:15 p.m.•56 views

CVE-2025-25046

IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques.

3.7CVSS3.8AI score0.00016EPSS

CVE•added 2023/02/08 7:15 p.m.•55 views

CVE-2023-23475

IBM Infosphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245423.

4.6CVSS4.5AI score0.00162EPSS

CVE•added 2023/02/17 7:15 p.m.•55 views

CVE-2023-24960

IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 246333

7.5CVSS7.3AI score0.00059EPSS

CVE•added 2022/11/16 11:15 p.m.•54 views

CVE-2022-40752

IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. IBM X-Force ID: 236687.

9.8CVSS9.3AI score0.00475EPSS

CVE•added 2022/08/10 5:15 p.m.•53 views

CVE-2022-35715

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: 231202.

7.5CVSS7AI score0.00054EPSS

CVE•added 2023/05/22 1:15 a.m.•53 views

CVE-2023-32336

IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. IBM X-Force ID: 255285.

9.8CVSS9.2AI score0.00193EPSS

CVE•added 2022/04/28 4:15 p.m.•52 views

CVE-2022-22322

5.4CVSS5.2AI score0.00215EPSS

CVE•added 2022/11/03 8:15 p.m.•52 views

CVE-2022-22425

"IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 223598."

9.8CVSS9.3AI score0.00103EPSS

CVE•added 2022/11/03 8:15 p.m.•52 views

CVE-2022-40747

"IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 236584."

9.1CVSS8.8AI score0.0004EPSS

CVE•added 2022/10/07 5:15 p.m.•52 views

CVE-2022-41291

IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 236699.

6.5CVSS6.1AI score0.0003EPSS

CVE•added 2023/12/01 9:15 p.m.•51 views

CVE-2023-46174

5.4CVSS5.2AI score0.0006EPSS

CVE•added 2025/03/29 12:15 a.m.•51 views

CVE-2024-43186

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions.

6.5CVSS6AI score0.0004EPSS

CVE•added 2025/03/29 12:15 a.m.•51 views

CVE-2024-51477

IBM InfoSphere Information Server 11.7 could allow an authenticated to obtain sensitive username information due to an observable response discrepancy.

6.5CVSS6.3AI score0.00041EPSS

CVE•added 2023/01/20 7:15 p.m.•50 views

CVE-2022-41733

IBM InfoSphere Information Server 11.7 could allow a remote attacked to cause some of the components to be unusable until the process is restarted. IBM X-Force ID: 237583.

5.3CVSS5.1AI score0.00037EPSS

CVE•added 2023/02/17 5:15 p.m.•50 views

CVE-2023-24964

IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from a log files. IBM X-Force ID: 246463.

6.2CVSS5.2AI score0.0001EPSS

CVE•added 2024/06/30 4:15 p.m.•50 views

CVE-2023-35022

IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: 258254.

3.3CVSS3.6AI score0.00008EPSS

CVE•added 2024/06/30 6:15 p.m.•50 views

CVE-2024-28797

IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 2871...

6.4CVSS5.4AI score0.00119EPSS

CVE•added 2024/08/15 5:15 p.m.•50 views

CVE-2024-40704

IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. IBM X-Force ID: 298277.

4.9CVSS4.7AI score0.00097EPSS

Total number of security vulnerabilities126