InfoSphere Information Server
by IBM
CVEs (99)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-55895 | | 0.00 | — | 0.00 | | Mar 29, 2025 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. |
| CVE-2024-51477 | | 0.00 | — | 0.00 | | Mar 28, 2025 | IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive username information due to an observable response discrepancy. |
| CVE-2024-7577 | | 0.00 | — | 0.00 | | Mar 28, 2025 | IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product. |
| CVE-2024-43186 | | 0.00 | — | 0.00 | | Mar 28, 2025 | IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions. |
| CVE-2024-51459 | | 0.00 | — | 0.00 | | Mar 19, 2025 | IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of permissions. |
| CVE-2024-40706 | | 0.00 | — | 0.00 | | Jan 24, 2025 | IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system. |
| CVE-2024-52363 | | 0.00 | — | 0.00 | | Jan 17, 2025 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. |
| CVE-2021-29827 | | 0.00 | — | 0.00 | | Dec 18, 2024 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. |
| CVE-2024-52901 | | 0.00 | — | 0.00 | | Dec 12, 2024 | IBM InfoSphere Information Server 11.7 could allow an authenticated user to cause the GUI to not load or stop working due to improper input validation. |
| CVE-2024-51460 | | 0.00 | — | 0.00 | | Dec 11, 2024 | IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. |
| CVE-2023-23472 | | 0.00 | — | 0.00 | | Dec 11, 2024 | IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system. |
| CVE-2024-40705 | | 0.00 | — | 0.00 | | Aug 15, 2024 | IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads. IBM X-Force ID: 298279. |
| CVE-2024-40704 | | 0.00 | — | 0.00 | | Aug 15, 2024 | IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. IBM X-Force ID: 298277. |
| CVE-2024-39751 | | 0.00 | — | 0.00 | | Aug 6, 2024 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 297429 |
| CVE-2024-40689 | | 0.00 | — | 0.00 | | Jul 26, 2024 | IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. IBM X-Force ID: 297719. |
| CVE-2024-37533 | | 0.00 | — | 0.00 | | Jul 24, 2024 | IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. IBM X-Force ID: 294727. |
| CVE-2024-40690 | | 0.00 | — | 0.00 | | Jul 12, 2024 | IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 297720. |
| CVE-2023-50964 | | 0.00 | — | 0.00 | | Jun 30, 2024 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 276102. |
| CVE-2024-28794 | | 0.00 | — | 0.00 | | Jun 30, 2024 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286831. |
| CVE-2023-50953 | | 0.00 | — | 0.00 | | Jun 30, 2024 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. IBM X-Force ID: 275775. |