Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Infosphere_information_server
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 168 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-11-03 | CVE-2022-35717 | "IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-"Force ID: 231361. | Infosphere_information_server | 7.8 | ||
| 2022-11-03 | CVE-2022-40235 | "IBM InfoSphere Information Server 11.7 could allow a user to cause a denial of service by removing the ability to run jobs due to improper input validation. IBM X-Force ID: 235725." | Infosphere_information_server | 6.5 | ||
| 2024-12-11 | CVE-2023-23472 | IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system. | Infosphere_information_server | 6.5 | ||
| 2024-12-19 | CVE-2021-29827 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. | Infosphere_information_server | 5.2 | ||
| 2025-01-17 | CVE-2024-52363 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | Infosphere_information_server | 7.5 | ||
| 2025-01-24 | CVE-2024-40706 | IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system. | Infosphere_information_server | 4.3 | ||
| 2024-12-11 | CVE-2024-51460 | IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. | Infosphere_information_server | 4.3 | ||
| 2024-12-12 | CVE-2024-52901 | IBM InfoSphere Information Server 11.7 could allow an authenticated user to GUI to not load or stop working due to improper input validation. | Infosphere_information_server | 6.5 | ||
| 2024-02-21 | CVE-2023-33843 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 256544. | Infosphere_information_server | 5.4 | ||
| 2024-02-21 | CVE-2023-50955 | IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. IBM X-Force ID: 275777. | Infosphere_information_server | 2.7 |