IBM Infosphere Information Server
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in IBM Infosphere Information Server.
By the Year
In 2025 there have been 19 vulnerabilities in IBM Infosphere Information Server with an average score of 6.3 out of ten. Last year, in 2024 Infosphere Information Server had 26 security vulnerabilities published. Right now, Infosphere Information Server is on track to have less security vulnerabilities in 2025 than it did last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.78.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 19 | 6.29 |
| 2024 | 26 | 5.51 |
| 2023 | 13 | 6.78 |
| 2022 | 18 | 7.04 |
| 2021 | 5 | 7.60 |
| 2020 | 9 | 5.56 |
| 2019 | 8 | 7.10 |
| 2018 | 3 | 5.83 |
It may take a day or so for new Infosphere Information Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent IBM Infosphere Information Server Security Vulnerabilities
IBM InfoSphere InfoSrv XXE Vulnerability in XML Parser v11.7.0.011.7.1.6
CVE-2025-12531
7.1 - High
- November 03, 2025
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
XXE
IBM InfoSphere InfoServer 11.7.0.0-11.7.1.6 PrivEsc via Unnecc Exec
CVE-2025-33003
7.8 - High
- October 31, 2025
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a non-root user to gain higher privileges/capabilities within the scope of a container due to execution with unnecessary privileges.
Execution with Unnecessary Privileges
IBM InfoSphere 11.7.0.011.7.1.6 Auth Cmd Execution via Input Validation
CVE-2025-36245
8.8 - High
- September 29, 2025
IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input.
Shell injection
IBM InfoSphere DataStage Flow Designer 11.7 API Cleartext Disclosure
CVE-2025-36034
5.9 - Medium
- June 26, 2025
IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques.
Cleartext Transmission of Sensitive Information
IBM Infosphere IS 11.7 SQLi via Remote Inputs
CVE-2025-0966
7.6 - High
- June 25, 2025
IBM InfoSphere Information Server 11.7 vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.
SQL Injection
IBM InfoSphere Info Server 11.7.x Authenticated User Can Delete Others' Comments
CVE-2025-3629
4.3 - Medium
- June 21, 2025
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an authenticated user to delete another user's comments due to improper ownership management.
Improper Ownership Management
DoS in IBM InfoSphere Server 11.7.0.0-11.7.1.6 Resource Validation
CVE-2025-3221
7.5 - High
- June 21, 2025
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to cause a denial of service due to insufficient validation of incoming request resources.
Allocation of Resources Without Limits or Throttling
InfoSphere InfoSrv 11.7 Credential Storage in Cleartext Param File
CVE-2025-1499
6.5 - Medium
- June 01, 2025
IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user.
Cleartext Storage of Sensitive Information
IBM InfoSphere InfoServer 11.7 Authenticated Directory Listing Disclosure
CVE-2025-1138
4.3 - Medium
- May 15, 2025
IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing.
Exposure of Information Through Directory Listing
IBM InfoSphere Info Server 11.7 Auth User Can Leak Sensitive Info
CVE-2025-25045
4.3 - Medium
- April 23, 2025
IBM InfoSphere Information 11.7 Server authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. This information could be used in further attacks against the system.
Generation of Error Message Containing Sensitive Information
IBM InfoSphere 11.7: Session Not Invalidated on Logout, Allows User Impersonation
CVE-2024-22351
6.3 - Medium
- April 23, 2025
IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
Insufficient Session Expiration
IBM InfoSphere DataStage Flow Designer 11.7 URL Params Sensitive Data Exposure
CVE-2025-25046
3.7 - Low
- April 23, 2025
IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques.
Cleartext Transmission of Sensitive Information
IBM InfoSphere Info Server 11.7 Remote Info Disclosure via Error Trace
CVE-2024-55895
5.3 - Medium
- March 29, 2025
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
Generation of Error Message Containing Sensitive Information
IBM InfoSphere Info Server 11.7 Auth. Username Leak via Response Mismatch
CVE-2024-51477
6.5 - Medium
- March 29, 2025
IBM InfoSphere Information Server 11.7 could allow an authenticated to obtain sensitive username information due to an observable response discrepancy.
Side Channel Attack
InfoSphere InfoSrvr 11.7 Credential Disclosure in New Install
CVE-2024-7577
7.5 - High
- March 29, 2025
IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product.
Insertion of Sensitive Information into Log File
Authenticated Local Info Disclosure in IBM Infosphere 11.7
CVE-2024-43186
6.5 - Medium
- March 29, 2025
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions.
Unprotected Storage of Credentials
IBM InfoSphere IS 11.7 Local Privilege Escape via Permission Mis-Handling
CVE-2024-51459
7.8 - High
- March 19, 2025
IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of permissions.
Improper Handling of Insufficient Permissions or Privileges
InfoSphere InfoServer 11.7 Version Disclosure Remote Info Leak
CVE-2024-40706
4.3 - Medium
- January 24, 2025
IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system.
Exposure of Sensitive System Information to an Unauthorized Control Sphere
IBM InfoSphere IS 11.7 Dir Traversal via URL /../
CVE-2024-52363
7.5 - High
- January 17, 2025
IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
Directory traversal
IBM InfoSphere Information Server Clickjacking Vulnerability
CVE-2021-29827
5.2 - Medium
- December 19, 2024
IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
Clickjacking
IBM InfoSphere Information Server GUI Improper Input Validation Vulnerability
CVE-2024-52901
6.5 - Medium
- December 12, 2024
IBM InfoSphere Information Server 11.7 could allow an authenticated user to GUI to not load or stop working due to improper input validation.
Improper Validation of Specified Quantity in Input
IBM InfoSphere Information Server: Authenticated User Information Disclosure via Stack Trace
CVE-2024-51460
4.3 - Medium
- December 11, 2024
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system.
Generation of Error Message Containing Sensitive Information
IBM InfoSphere DataStage Flow Designer Information Disclosure Vulnerability
CVE-2023-23472
6.5 - Medium
- December 11, 2024
IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.
Exposure of Sensitive System Information to an Unauthorized Control Sphere
InfoSphere Unrestricted File Upload Enables Disk Exhaustion
CVE-2024-40705
6.5 - Medium
- August 15, 2024
IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads. IBM X-Force ID: 298279.
Amplification
InfoSphere IS 11.7 Auth Header Leakage for Privileged Users
CVE-2024-40704
4.9 - Medium
- August 15, 2024
IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. IBM X-Force ID: 298277.
Insufficiently Protected Credentials
InfoSphere Info Serv 11.7: Browser Error Disclosure Enables Remote Info Leak
CVE-2024-39751
4.3 - Medium
- August 06, 2024
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 297429
Generation of Error Message Containing Sensitive Information
IBM InfoSphere Info Server 11.7 SQL Injection Vulnerability
CVE-2024-40689
9.8 - Critical
- July 26, 2024
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. IBM X-Force ID: 297719.
SQL Injection
InfoSphere InfoServer 11.7 Local Info Leak via Physical Access
CVE-2024-37533
4.6 - Medium
- July 24, 2024
IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. IBM X-Force ID: 294727.
Privacy violation
IBM InfoSphere Server 11.7 XSS in Web UI (CVE-2024-40690)
CVE-2024-40690
5.4 - Medium
- July 12, 2024
IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 297720.
XSS
IBM InfoSphere InfoServer 11.7 XSS in Web UI (arbitrary JS injection)
CVE-2024-28794
5.4 - Medium
- June 30, 2024
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286831.
XSS
InfoSphere Info Server 11.7 XSS in Web UI
CVE-2023-50964
5.4 - Medium
- June 30, 2024
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 276102.
XSS
InfoSphere Info Ser v11.7 Auth Bypass via IDOR
CVE-2024-31898
5.4 - Medium
- June 30, 2024
IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. IBM X-Force ID: 288182.
Insecure Direct Object Reference / IDOR
IBM InfoSphere Info Server 11.7 Stored XSS in Web UI
CVE-2024-28797
5.4 - Medium
- June 30, 2024
IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 287136.
XSS
InfoSphere InfoServer 11.7 info disclosure via detailed error message
CVE-2023-50953
4.3 - Medium
- June 30, 2024
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. IBM X-Force ID: 275775.
Generation of Error Message Containing Sensitive Information
IBM InfoSphere Info Server 11.7 SSRF Vulnerability
CVE-2023-50952
5.4 - Medium
- June 30, 2024
IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 275774.
SSRF
InfoSphere Information Server 11.7 Exposes Sensitive Data in Stack Trace
CVE-2024-35119
5.3 - Medium
- June 30, 2024
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: 290342.
Generation of Error Message Containing Sensitive Information
IBM InfoSphere IS 11.7: XSRF Vulnerability Enables Unauthorized Actions
CVE-2024-31902
8.8 - High
- June 30, 2024
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 289234.
Session Riding
IBM InfoSphere Info Server 11.7 XSS in Web UI Enables Stored JS Execution
CVE-2024-28798
6.1 - Medium
- June 30, 2024
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 287172.
XSS
IBM IS 11.7 URL Info Leak
CVE-2023-50954
5.3 - Medium
- June 30, 2024
IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: 275776.
Use of GET Request Method With Sensitive Query Strings
IBM InfoSphere InfoServer 11.7 XSS in Web UI allows script injection
CVE-2024-28795
5.4 - Medium
- June 30, 2024
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286832.
XSS
IBM InfoSphere Info Server 11.7 Unauthorized Project Update
CVE-2023-35022
3.3 - Low
- June 30, 2024
IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: 258254.
AuthZ
IBM InfoSphere Info Serv 11.7 Log File Info Disclosure to Local User
CVE-2024-22352
5.5 - Medium
- March 21, 2024
IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 280361.
Insertion of Sensitive Information into Log File
IBM InfoSphere Info Server 11.7 XSS in Web UI (JavaScript Injection)
CVE-2023-50303
6.1 - Medium
- February 28, 2024
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 273333.
XSS
IBM InfoSphere InfoServer 11.7 Path Disclosure for Authenticated Privileged Users
CVE-2023-50955
2.7 - Low
- February 21, 2024
IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. IBM X-Force ID: 275777.
Directory traversal
InfoSphere Info Server 11.7 XSS in Web UI - credential exposure
CVE-2023-33843
5.4 - Medium
- February 21, 2024
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 256544.
XSS
IBM InfoSphere Info Server 11.7 WebUI XSS allows arbitrary JS injection
CVE-2023-46174
5.4 - Medium
- December 01, 2023
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269506.
XSS
IBM InfoSphere IS 11.7: Sensitive Data Leak via Error Message
CVE-2023-43021
5.3 - Medium
- December 01, 2023
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 266167.
Generation of Error Message Containing Sensitive Information
IBM InfoSphere InfoServer 11.7 XSS in Web UI leads to creds disclosure
CVE-2023-42022
5.4 - Medium
- December 01, 2023
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265938.
XSS
IBM InfoSphere Information Server 11.7 DoS via Improper Input Validation
CVE-2023-42019
5.9 - Medium
- December 01, 2023
IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161.
Missing Encryption of Sensitive Data
XSS in IBM InfoSphere IS 11.7 Web UI CVE-2023-42009
CVE-2023-42009
5.4 - Medium
- December 01, 2023
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265504.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for IBM Infosphere Information Server or by IBM? Click the Watch button to subscribe.
