Product:

Infosphere_information_server_on_cloud

(Ibm)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 27
Date Id Summary Products Score Patch Annotated
2019-06-06 CVE-2019-4185 IBM InfoSphere Information Server 11.7.1 containers are vulnerable to privilege escalation due to an insecurely configured component. IBM X-Force ID: 158975. Infosphere_information_server, Infosphere_information_server_on_cloud 8.3
2019-06-17 CVE-2018-1845 IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150905. Infosphere_governance_catalog, Infosphere_information_server, Infosphere_information_server_business_glossary, Infosphere_information_server_metadata_workbench, Infosphere_information_server_on_cloud 7.1
2019-07-01 CVE-2019-4237 A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. IBM X-Force ID: 159419. Infosphere_information_governance_catalog, Infosphere_information_server, Infosphere_information_server_on_cloud 5.4
2020-07-09 CVE-2020-4305 IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176677. Infosphere_information_server, Infosphere_information_server_on_cloud N/A
2020-05-19 CVE-2020-4298 IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176475. Infosphere_information_server, Infosphere_information_server_on_cloud N/A
2020-05-19 CVE-2020-4286 IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176268. Infosphere_information_server, Infosphere_information_server_on_cloud N/A
2020-05-06 CVE-2020-4384 IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 179265. Infosphere_information_server_on_cloud, Infosphere_qualitystage N/A
2017-07-12 CVE-2017-1321 IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125916. Infosphere_information_server, Infosphere_information_server_on_cloud N/A
2019-04-10 CVE-2018-1994 IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 154494. Infosphere_information_server_on_cloud, Infosphere_metadata_asset_manager 9.8
2019-04-02 CVE-2018-1917 IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to access JSP files and disclose sensitive information. IBM X-Force ID: 152784. Infosphere_information_server, Infosphere_information_server_on_cloud 6.5