IBM Infosphere Information Server On Cloud
By the Year
In 2024 there have been 0 vulnerabilities in IBM Infosphere Information Server On Cloud . Infosphere Information Server On Cloud did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 3 | 5.77 |
| 2019 | 13 | 6.39 |
| 2018 | 1 | 5.50 |
It may take a day or so for new Infosphere Information Server On Cloud vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent IBM Infosphere Information Server On Cloud Security Vulnerabilities
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting
CVE-2020-4298
5.4 - Medium
- May 19, 2020
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176475.
XSS
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user
CVE-2020-4286
6.5 - Medium
- May 19, 2020
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176268.
Session Riding
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting
CVE-2020-4384
5.4 - Medium
- May 06, 2020
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 179265.
XSS
A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can
CVE-2019-4237
5.4 - Medium
- July 01, 2019
A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. IBM X-Force ID: 159419.
XSS
IBM InfoSphere Information Server 11.3
CVE-2018-1845
7.1 - High
- June 17, 2019
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150905.
XXE
IBM InfoSphere Information Server 11.5 and 11.7 is affected by an information disclosure vulnerability
CVE-2019-4257
4.3 - Medium
- June 06, 2019
IBM InfoSphere Information Server 11.5 and 11.7 is affected by an information disclosure vulnerability. Sensitive information in an error message may be used to conduct further attacks against the system. IBM X-Force ID: 159945.
Generation of Error Message Containing Sensitive Information
IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded encryption key that could be used to decrypt sensitive information
CVE-2019-4220
5.5 - Medium
- June 06, 2019
IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded encryption key that could be used to decrypt sensitive information. IBM X-Force ID: 159229.
Use of Hard-coded Credentials
IBM InfoSphere Information Server 11.7.1 containers are vulnerable to privilege escalation due to an insecurely configured component
CVE-2019-4185
8.3 - High
- June 06, 2019
IBM InfoSphere Information Server 11.7.1 containers are vulnerable to privilege escalation due to an insecurely configured component. IBM X-Force ID: 158975.
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting
CVE-2019-4238
5.4 - Medium
- April 25, 2019
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159464.
XSS
IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to SQL injection
CVE-2018-1994
9.8 - Critical
- April 10, 2019
IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 154494.
SQL Injection
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could
CVE-2018-1917
6.5 - Medium
- April 02, 2019
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to access JSP files and disclose sensitive information. IBM X-Force ID: 152784.
Information Disclosure
IBM InfoSphere Information Server 11.3, 11.5, and 11.7could
CVE-2018-1906
6.5 - Medium
- April 02, 2019
IBM InfoSphere Information Server 11.3, 11.5, and 11.7could allow an authenticated user to download code using a specially crafted HTTP request. IBM X-Force ID: 152663.
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could
CVE-2018-1899
4.3 - Medium
- March 05, 2019
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an attacker to change one of the settings related to InfoSphere Business Glossary Anywhere due to improper access control. IBM X-Force ID: 152528.
IBM InfoSphere Information Governance Catalog 11.3, 11.5, and 11.7 could
CVE-2018-1875
6.1 - Medium
- March 05, 2019
IBM InfoSphere Information Governance Catalog 11.3, 11.5, and 11.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 151639.
Open Redirect
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting
CVE-2018-1895
5.4 - Medium
- February 15, 2019
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152159.
XSS
IBM InfoSphere Information Server 11.7 could allow an authenciated user under specialized conditions to inject commands into the installation process
CVE-2018-1701
8.5 - High
- February 15, 2019
IBM InfoSphere Information Server 11.7 could allow an authenciated user under specialized conditions to inject commands into the installation process that would execute on the WebSphere Application Server. IBM X-Force ID: 145970.
IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability
CVE-2018-1518
5.5 - Medium
- October 18, 2018
IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that could allow a local user to obtain highly sensitive information. IBM X-Force ID: 141682.
Inadequate Encryption Strength
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for IBM Infosphere Information Server On Cloud or by IBM? Click the Watch button to subscribe.
