Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Infosphere_information_server
(Ibm)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 148 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2023-02-17 | CVE-2023-24964 | IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from a log files. IBM X-Force ID: 246463. | Infosphere_information_server | 5.5 | ||
2023-02-17 | CVE-2023-24960 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 246333 | Infosphere_information_server | 7.5 | ||
2023-02-21 | CVE-2023-25928 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247646. | Infosphere_information_server | 5.4 | ||
2023-04-29 | CVE-2023-30441 | IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188. | Infosphere_information_server, Java, Websphere_application_server, Z\/transaction_processing_facility | 7.5 | ||
2023-05-19 | CVE-2022-47984 | IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 243163. | Infosphere_information_server | 9.8 | ||
2023-05-19 | CVE-2023-22878 | IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 244373. | Infosphere_information_server | 5.5 | ||
2023-05-19 | CVE-2023-28529 | IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251213. | Infosphere_information_server | 5.4 | ||
2023-05-22 | CVE-2023-32336 | IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. IBM X-Force ID: 255285. | Infosphere_information_server | 9.8 | ||
2023-07-17 | CVE-2023-33857 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain system information using a specially crafted query that could aid in further attacks against the system. IBM X-Force ID: 257695. | Infosphere_information_server | 5.3 | ||
2023-07-19 | CVE-2023-35898 | IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information due to an insecure security configuration in InfoSphere Data Flow Designer. IBM X-Force ID: 259352. | Infosphere_information_server | 6.5 |