Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Infosphere_information_server_on_cloud
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 27 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-05-06 | CVE-2020-4384 | IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 179265. | Infosphere_information_server_on_cloud, Infosphere_qualitystage | 5.4 | ||
| 2020-05-19 | CVE-2020-4286 | IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176268. | Infosphere_information_server, Infosphere_information_server_on_cloud | 6.5 | ||
| 2020-05-19 | CVE-2020-4298 | IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176475. | Infosphere_information_server, Infosphere_information_server_on_cloud | 5.4 | ||
| 2020-07-09 | CVE-2020-4305 | IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176677. | Infosphere_information_server, Infosphere_information_server_on_cloud | 8.8 | ||
| 2022-05-10 | CVE-2022-22454 | IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | Infosphere_information_server_on_cloud | 7.8 | ||
| 2022-11-03 | CVE-2022-22442 | "IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls. IBM X-Force ID: 224427." | Infosphere_information_server, Infosphere_information_server_on_cloud | 6.5 | ||
| 2022-11-16 | CVE-2022-40752 | IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. IBM X-Force ID: 236687. | Infosphere_information_server, Infosphere_information_server_on_cloud | 9.8 | ||
| 2024-07-26 | CVE-2024-40689 | IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. IBM X-Force ID: 297719. | Infosphere_information_server, Infosphere_information_server_on_cloud | 9.8 | ||
| 2019-04-25 | CVE-2019-4238 | IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159464. | Infosphere_information_server, Infosphere_information_server_on_cloud | 5.4 | ||
| 2019-06-06 | CVE-2019-4220 | IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded encryption key that could be used to decrypt sensitive information. IBM X-Force ID: 159229. | Infosphere_information_server_on_cloud, Watson_knowledge_catalog | 5.5 |