Infosphere Information Server
Sign in to watchby IBM
CVEs (99)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-50952 | 0.00 | — | 0.00 | Jun 30, 2024 | IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 275774. | ||
| CVE-2024-28797 | 0.00 | — | 0.00 | Jun 30, 2024 | IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 287136. | ||
| CVE-2024-31898 | 0.00 | — | 0.00 | Jun 30, 2024 | IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. IBM X-Force ID: 288182. | ||
| CVE-2023-50954 | 0.00 | — | 0.00 | Jun 30, 2024 | IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: 275776. | ||
| CVE-2024-31902 | 0.00 | — | 0.00 | Jun 30, 2024 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 289234. | ||
| CVE-2024-35119 | 0.00 | — | 0.00 | Jun 30, 2024 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: 290342. | ||
| CVE-2024-28798 | 0.00 | — | 0.00 | Jun 30, 2024 | IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 287172. | ||
| CVE-2023-35022 | 0.00 | — | 0.00 | Jun 30, 2024 | IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: 258254. | ||
| CVE-2024-28795 | 0.00 | — | 0.00 | Jun 30, 2024 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286832. | ||
| CVE-2015-5021 | 0.00 | — | 0.00 | Nov 4, 2015 | IBM InfoSphere Information Server 11.3 and 11.5 allows remote authenticated DataStage users to bypass intended job-execution restrictions or obtain sensitive information via unspecified vectors. | ||
| CVE-2015-1901 | 0.00 | — | 0.00 | Jun 28, 2015 | The installer in IBM InfoSphere Information Server 8.5 through 11.3 before 11.3.1.2 allows local users to obtain sensitive information via unspecified commands. | ||
| CVE-2015-0180 | 0.00 | — | 0.00 | May 25, 2015 | The Connector Migration Tool in IBM InfoSphere Information Server 8.1 through 11.3 allows remote authenticated users to bypass intended restrictions on job creation and modification via unspecified vectors. | ||
| CVE-2014-3071 | 0.00 | — | 0.00 | Jul 26, 2014 | Cross-site scripting (XSS) vulnerability in the Data Quality Console in IBM InfoSphere Information Server 11.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL for adding a project connection. | ||
| CVE-2013-4059 | 0.00 | — | 0.00 | Mar 16, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified interfaces. | ||
| CVE-2013-4058 | 0.00 | — | 0.01 | Mar 16, 2014 | Multiple SQL injection vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote authenticated users to execute arbitrary SQL commands via unspecified interfaces. | ||
| CVE-2013-4057 | 0.00 | — | 0.00 | Mar 16, 2014 | Cross-site request forgery (CSRF) vulnerability in the XML Pack in IBM InfoSphere Information Server 8.5.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allows remote attackers to hijack the authentication of arbitrary users. | ||
| CVE-2013-5440 | 0.00 | — | 0.00 | Dec 18, 2013 | IBM InfoSphere Information Server 8.0, 8.1, 8.5, 8.7, and 9.1 allows local users to obtain sensitive information in opportunistic circumstances by leveraging the presence of file content after a failed installation. | ||
| CVE-2013-4056 | 0.00 | — | 0.00 | Oct 13, 2013 | Cross-site request forgery (CSRF) vulnerability in the Data Quality Console and Information Analyzer components in IBM InfoSphere Information Server 8.7 through FP2 and 9.1 through 9.1.2.0 allows remote attackers to hijack the authentication of arbitrary users. | ||
| CVE-2013-4067 | 0.00 | — | 0.00 | Oct 2, 2013 | IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to hijack sessions and read cookie values, or conduct phishing attacks to capture credentials, via unspecified vectors. | ||
| CVE-2013-4066 | 0.00 | — | 0.00 | Oct 2, 2013 | IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to conduct clickjacking attacks by creating an overlay interface on top of the Web Console interface. |
Page 4 of 5