Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Infosphere_information_server
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 170 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-04-23 | CVE-2025-25046 | IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques. | Infosphere_information_server | 3.7 | ||
| 2025-06-26 | CVE-2025-36034 | IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques. | Infosphere_information_server | 5.9 | ||
| 2022-11-16 | CVE-2022-40752 | IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. IBM X-Force ID: 236687. | Infosphere_information_server, Infosphere_information_server_on_cloud | 9.8 | ||
| 2025-03-29 | CVE-2024-43186 | IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions. | Infosphere_information_server | 6.5 | ||
| 2025-03-29 | CVE-2024-7577 | IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product. | Infosphere_information_server | 7.5 | ||
| 2025-03-29 | CVE-2024-55895 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | Infosphere_information_server | 5.3 | ||
| 2025-04-23 | CVE-2024-22351 | IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | Infosphere_information_server | 6.3 | ||
| 2025-04-23 | CVE-2025-25045 | IBM InfoSphere Information 11.7 Server authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. This information could be used in further attacks against the system. | Infosphere_information_server | 4.3 | ||
| 2025-06-21 | CVE-2025-3221 | IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to cause a denial of service due to insufficient validation of incoming request resources. | Infosphere_information_server | 7.5 | ||
| 2025-06-21 | CVE-2025-3629 | IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an authenticated user to delete another user's comments due to improper ownership management. | Infosphere_information_server | 4.3 |