Product:

Infosphere_information_server

(Ibm)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 148
Date Id Summary Products Score Patch Annotated
2023-02-17 CVE-2023-24964 IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from a log files. IBM X-Force ID: 246463. Infosphere_information_server 5.5
2023-02-17 CVE-2023-24960 IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 246333 Infosphere_information_server 7.5
2023-02-21 CVE-2023-25928 IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247646. Infosphere_information_server 5.4
2023-04-29 CVE-2023-30441 IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188. Infosphere_information_server, Java, Websphere_application_server, Z\/transaction_processing_facility 7.5
2023-05-19 CVE-2022-47984 IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 243163. Infosphere_information_server 9.8
2023-05-19 CVE-2023-22878 IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 244373. Infosphere_information_server 5.5
2023-05-19 CVE-2023-28529 IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251213. Infosphere_information_server 5.4
2023-05-22 CVE-2023-32336 IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. IBM X-Force ID: 255285. Infosphere_information_server 9.8
2023-07-17 CVE-2023-33857 IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain system information using a specially crafted query that could aid in further attacks against the system. IBM X-Force ID: 257695. Infosphere_information_server 5.3
2023-07-19 CVE-2023-35898 IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information due to an insecure security configuration in InfoSphere Data Flow Designer. IBM X-Force ID: 259352. Infosphere_information_server 6.5