Infosphere Information Server Security Vulnerabilities and Issues — Infosphere Information Server CVE List

Lucene search

IbmInfosphere Information Server

26 matches found

CVE•added 2024/02/28 1:15 a.m.•89 views

CVE-2023-50303

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 273333.

6.1CVSS5.8AI score0.00074EPSS

CVE•added 2024/06/30 6:15 p.m.•67 views

CVE-2024-31898

IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. IBM X-Force ID: 288182.

5.4CVSS5.2AI score0.00014EPSS

CVE•added 2024/06/30 5:15 p.m.•66 views

CVE-2024-31902

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 289234.

8.8CVSS5.1AI score0.00114EPSS

CVE•added 2024/06/30 7:15 p.m.•65 views

CVE-2024-28794

5.4CVSS5.2AI score0.00118EPSS

CVE•added 2024/02/21 3:15 p.m.•63 views

CVE-2023-50955

IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. IBM X-Force ID: 275777.

2.7CVSS3.5AI score0.00219EPSS

CVE•added 2024/06/30 5:15 p.m.•62 views

CVE-2024-28798

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 2871...

7.2CVSS5.8AI score0.00129EPSS

CVE•added 2024/06/30 7:15 p.m.•61 views

CVE-2023-50964

5.4CVSS5.2AI score0.00041EPSS

CVE•added 2024/07/12 6:15 p.m.•61 views

CVE-2024-40690

IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 297720.

5.4CVSS5.2AI score0.00155EPSS

CVE•added 2024/06/30 6:15 p.m.•57 views

CVE-2023-50953

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. IBM X-Force ID: 275775.

5.4CVSS4.5AI score0.00084EPSS

CVE•added 2024/12/19 12:15 a.m.•56 views

CVE-2021-29827

IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against...

5.2CVSS5.2AI score0.00023EPSS

CVE•added 2024/12/11 1:15 p.m.•56 views

CVE-2023-23472

IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.

6.5CVSS5.7AI score0.00071EPSS

CVE•added 2024/06/30 4:15 p.m.•50 views

CVE-2023-35022

IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: 258254.

3.3CVSS3.6AI score0.0001EPSS

CVE•added 2024/06/30 6:15 p.m.•50 views

CVE-2024-28797

IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 2871...

6.4CVSS5.4AI score0.00102EPSS

CVE•added 2024/08/15 5:15 p.m.•50 views

CVE-2024-40704

IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. IBM X-Force ID: 298277.

4.9CVSS4.7AI score0.00097EPSS

CVE•added 2024/06/30 6:15 p.m.•49 views

CVE-2023-50952

IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 275774.

5.4CVSS5.3AI score0.00075EPSS

CVE•added 2024/03/21 2:52 a.m.•49 views

CVE-2024-22352

IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 280361.

6.5CVSS5.3AI score0.00066EPSS

CVE•added 2024/06/30 4:15 p.m.•49 views

CVE-2024-28795

5.4CVSS5.2AI score0.00055EPSS

CVE•added 2024/02/21 3:15 p.m.•48 views

CVE-2023-33843

5.4CVSS5.2AI score0.00142EPSS

CVE•added 2024/06/30 5:15 p.m.•47 views

CVE-2024-35119

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: 290342.

5.3CVSS4.9AI score0.00093EPSS

CVE•added 2024/07/26 2:15 p.m.•47 views

CVE-2024-40689

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. IBM X-Force ID: 297719.

9.8CVSS6.3AI score0.00171EPSS

CVE•added 2024/06/30 5:15 p.m.•45 views

CVE-2023-50954

IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: 275776.

5.3CVSS4.3AI score0.00141EPSS

CVE•added 2024/08/15 5:15 p.m.•44 views

CVE-2024-40705

IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads. IBM X-Force ID: 298279.

6.5CVSS6.2AI score0.0019EPSS

CVE•added 2024/12/11 1:15 p.m.•39 views

CVE-2024-51460

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system.

4.3CVSS6AI score0.00056EPSS

CVE•added 2024/12/12 4:15 p.m.•39 views

CVE-2024-52901

IBM InfoSphere Information Server 11.7 could allow an authenticated user to GUI to not load or stop working due to improper input validation.

6.5CVSS6.3AI score0.00092EPSS

CVE•added 2024/07/24 6:15 p.m.•36 views

CVE-2024-37533

IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. IBM X-Force ID: 294727.

4.6CVSS2.9AI score0.00044EPSS

CVE•added 2024/08/06 4:15 p.m.•32 views

CVE-2024-39751

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 297429

4.3CVSS5.8AI score0.0009EPSS