Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Infosphere_information_server
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 144 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-04-28 | CVE-2022-22441 | IBM InfoSphere Information Server 11.7 could allow an authenticated user to view information of higher privileged users and groups due to a privilege escalation vulnerability. IBM X-Force ID: 224426. | Infosphere_information_server | 6.5 | ||
| 2022-07-01 | CVE-2022-22373 | An improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs may lead to creation of directories and files on the server file system that may contain non-sensitive debugging information like stack traces. IBM X-Force ID: 221323. | Infosphere_information_server | 5.4 | ||
| 2022-10-07 | CVE-2022-36772 | IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that should only be available to a privileged user. | Infosphere_information_server | 6.5 | ||
| 2022-11-03 | CVE-2022-22442 | "IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls. IBM X-Force ID: 224427." | Infosphere_information_server, Infosphere_information_server_on_cloud | 6.5 | ||
| 2023-07-19 | CVE-2023-35898 | IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information due to an insecure security configuration in InfoSphere Data Flow Designer. IBM X-Force ID: 259352. | Infosphere_information_server | 6.5 | ||
| 2023-07-17 | CVE-2023-33857 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain system information using a specially crafted query that could aid in further attacks against the system. IBM X-Force ID: 257695. | Infosphere_information_server | 5.3 | ||
| 2023-05-19 | CVE-2022-47984 | IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 243163. | Infosphere_information_server | 9.8 | ||
| 2023-05-19 | CVE-2023-22878 | IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 244373. | Infosphere_information_server | 5.5 | ||
| 2023-05-19 | CVE-2023-28529 | IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251213. | Infosphere_information_server | 5.4 | ||
| 2023-05-22 | CVE-2023-32336 | IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. IBM X-Force ID: 255285. | Infosphere_information_server | 9.8 |