Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Infosphere_information_server
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 168 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-03-29 | CVE-2024-7577 | IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product. | Infosphere_information_server | 7.5 | ||
| 2025-03-29 | CVE-2024-55895 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | Infosphere_information_server | 5.3 | ||
| 2025-04-23 | CVE-2024-22351 | IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | Infosphere_information_server | 6.3 | ||
| 2025-04-23 | CVE-2025-25045 | IBM InfoSphere Information 11.7 Server authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. This information could be used in further attacks against the system. | Infosphere_information_server | 4.3 | ||
| 2025-06-21 | CVE-2025-3221 | IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to cause a denial of service due to insufficient validation of incoming request resources. | Infosphere_information_server | 7.5 | ||
| 2025-06-21 | CVE-2025-3629 | IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an authenticated user to delete another user's comments due to improper ownership management. | Infosphere_information_server | 4.3 | ||
| 2025-06-25 | CVE-2025-0966 | IBM InfoSphere Information Server 11.7 vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. | Infosphere_information_server | 7.6 | ||
| 2025-03-29 | CVE-2024-51477 | IBM InfoSphere Information Server 11.7 could allow an authenticated to obtain sensitive username information due to an observable response discrepancy. | Infosphere_information_server | 6.5 | ||
| 2025-03-19 | CVE-2024-51459 | IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of permissions. | Infosphere_information_server | 7.8 | ||
| 2025-06-01 | CVE-2025-1499 | IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user. | Infosphere_information_server, Infosphere_information_server_on_cloud | 6.5 |