Infosphere Information Server
by IBM
CVEs (196)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-3221 | 0.00 | — | 0.00 | Jun 21, 2025 | IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to cause a denial of service due to insufficient validation of incoming request resources. | |||
| CVE-2025-1499 | 0.00 | — | 0.00 | Jun 1, 2025 | IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user. | |||
| CVE-2025-1138 | 0.00 | — | 0.00 | May 15, 2025 | IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing. | |||
| CVE-2025-25046 | 0.00 | — | 0.00 | Apr 23, 2025 | IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques. | |||
| CVE-2025-25045 | 0.00 | — | 0.00 | Apr 23, 2025 | IBM InfoSphere Information 11.7 Server authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. This information could be used in further attacks against the system. | |||
| CVE-2024-22351 | 0.00 | — | 0.00 | Apr 23, 2025 | IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | |||
| CVE-2024-55895 | 0.00 | — | 0.00 | Mar 29, 2025 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | |||
| CVE-2024-51477 | 0.00 | — | 0.00 | Mar 28, 2025 | IBM InfoSphere Information Server 11.7 could allow an authenticated to obtain sensitive username information due to an observable response discrepancy. | |||
| CVE-2024-7577 | 0.00 | — | 0.00 | Mar 28, 2025 | IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product. | |||
| CVE-2024-43186 | 0.00 | — | 0.00 | Mar 28, 2025 | IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions. | |||
| CVE-2024-51459 | 0.00 | — | 0.00 | Mar 19, 2025 | IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of permissions. | |||
| CVE-2024-40706 | 0.00 | — | 0.00 | Jan 24, 2025 | IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system. | |||
| CVE-2024-52363 | 0.00 | — | 0.01 | Jan 17, 2025 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | |||
| CVE-2021-29827 | 0.00 | — | 0.00 | Dec 18, 2024 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch… | |||
| CVE-2024-52901 | 0.00 | — | 0.01 | Dec 12, 2024 | IBM InfoSphere Information Server 11.7 could allow an authenticated user to GUI to not load or stop working due to improper input validation. | |||
| CVE-2024-51460 | 0.00 | — | 0.00 | Dec 11, 2024 | IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. | |||
| CVE-2023-23472 | 0.00 | — | 0.00 | Dec 11, 2024 | IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system. | |||
| CVE-2024-40705 | 0.00 | — | 0.01 | Aug 15, 2024 | IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads. IBM X-Force ID: 298279. | |||
| CVE-2024-40704 | 0.00 | — | 0.01 | Aug 15, 2024 | IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. IBM X-Force ID: 298277. | |||
| CVE-2024-39751 | 0.00 | — | 0.00 | Aug 6, 2024 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 297429 |
- CVE-2025-3221Jun 21, 2025risk 0.00cvss —epss 0.00
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to cause a denial of service due to insufficient validation of incoming request resources.
- CVE-2025-1499Jun 1, 2025risk 0.00cvss —epss 0.00
IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user.
- CVE-2025-1138May 15, 2025risk 0.00cvss —epss 0.00
IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing.
- CVE-2025-25046Apr 23, 2025risk 0.00cvss —epss 0.00
IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques.
- CVE-2025-25045Apr 23, 2025risk 0.00cvss —epss 0.00
IBM InfoSphere Information 11.7 Server authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. This information could be used in further attacks against the system.
- CVE-2024-22351Apr 23, 2025risk 0.00cvss —epss 0.00
IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
- CVE-2024-55895Mar 29, 2025risk 0.00cvss —epss 0.00
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
- CVE-2024-51477Mar 28, 2025risk 0.00cvss —epss 0.00
IBM InfoSphere Information Server 11.7 could allow an authenticated to obtain sensitive username information due to an observable response discrepancy.
- CVE-2024-7577Mar 28, 2025risk 0.00cvss —epss 0.00
IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product.
- CVE-2024-43186Mar 28, 2025risk 0.00cvss —epss 0.00
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions.
- CVE-2024-51459Mar 19, 2025risk 0.00cvss —epss 0.00
IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of permissions.
- CVE-2024-40706Jan 24, 2025risk 0.00cvss —epss 0.00
IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system.
- CVE-2024-52363Jan 17, 2025risk 0.00cvss —epss 0.01
IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
- CVE-2021-29827Dec 18, 2024risk 0.00cvss —epss 0.00
IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch…
- CVE-2024-52901Dec 12, 2024risk 0.00cvss —epss 0.01
IBM InfoSphere Information Server 11.7 could allow an authenticated user to GUI to not load or stop working due to improper input validation.
- CVE-2024-51460Dec 11, 2024risk 0.00cvss —epss 0.00
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system.
- CVE-2023-23472Dec 11, 2024risk 0.00cvss —epss 0.00
IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.
- CVE-2024-40705Aug 15, 2024risk 0.00cvss —epss 0.01
IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads. IBM X-Force ID: 298279.
- CVE-2024-40704Aug 15, 2024risk 0.00cvss —epss 0.01
IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. IBM X-Force ID: 298277.
- CVE-2024-39751Aug 6, 2024risk 0.00cvss —epss 0.00
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 297429
Page 3 of 10