Infosphere Information Server IBM Infosphere Information Server

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in IBM Infosphere Information Server.

By the Year

In 2025 there have been 0 vulnerabilities in IBM Infosphere Information Server. Last year, in 2024 Infosphere Information Server had 26 security vulnerabilities published. Right now, Infosphere Information Server is on track to have less security vulnerabilities in 2025 than it did last year.




Year Vulnerabilities Average Score
2025 0 0.00
2024 26 5.38
2023 4 8.15
2022 7 6.44
2021 5 7.60
2020 9 5.56
2019 8 7.10
2018 3 5.83

It may take a day or so for new Infosphere Information Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent IBM Infosphere Information Server Security Vulnerabilities

IBM InfoSphere Information Server Clickjacking Vulnerability

CVE-2021-29827 5.2 - Medium - December 19, 2024

IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.

Clickjacking

IBM InfoSphere Information Server GUI Improper Input Validation Vulnerability

CVE-2024-52901 6.5 - Medium - December 12, 2024

IBM InfoSphere Information Server 11.7 could allow an authenticated user to GUI to not load or stop working due to improper input validation.

Improper Validation of Specified Quantity in Input

IBM InfoSphere Information Server: Authenticated User Information Disclosure via Stack Trace

CVE-2024-51460 4.3 - Medium - December 11, 2024

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system.

Generation of Error Message Containing Sensitive Information

IBM InfoSphere DataStage Flow Designer Information Disclosure Vulnerability

CVE-2023-23472 3.1 - Low - December 11, 2024

IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.

Exposure of Sensitive System Information to an Unauthorized Control Sphere

IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers

CVE-2024-40704 4.9 - Medium - August 15, 2024

IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. IBM X-Force ID: 298277.

Insufficiently Protected Credentials

IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads

CVE-2024-40705 6.5 - Medium - August 15, 2024

IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads. IBM X-Force ID: 298279.

Amplification

IBM InfoSphere Information Server 11.7 could

CVE-2024-39751 4.3 - Medium - August 06, 2024

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 297429

Generation of Error Message Containing Sensitive Information

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection

CVE-2024-40689 9.8 - Critical - July 26, 2024

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. IBM X-Force ID: 297719.

SQL Injection

IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine

CVE-2024-37533 4.6 - Medium - July 24, 2024

IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. IBM X-Force ID: 294727.

Privacy violation

IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting

CVE-2024-40690 5.4 - Medium - July 12, 2024

IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 297720.

XSS

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting

CVE-2023-50964 5.4 - Medium - June 30, 2024

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 276102.

XSS

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting

CVE-2024-28794 5.4 - Medium - June 30, 2024

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286831.

XSS

IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-site scripting

CVE-2024-28797 5.4 - Medium - June 30, 2024

IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 287136.

XSS

IBM InfoSphere Information Server 11.7 could

CVE-2023-50953 4.3 - Medium - June 30, 2024

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. IBM X-Force ID: 275775.

Generation of Error Message Containing Sensitive Information

IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF)

CVE-2023-50952 5.4 - Medium - June 30, 2024

IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 275774.

SSRF

IBM InfoSphere Information Server 11.7 could

CVE-2024-31898 5.4 - Medium - June 30, 2024

IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. IBM X-Force ID: 288182.

Insecure Direct Object Reference / IDOR

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting

CVE-2024-28798 6.1 - Medium - June 30, 2024

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 287172.

XSS

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user

CVE-2024-31902 8.8 - High - June 30, 2024

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 289234.

Session Riding

IBM InfoSphere Information Server 11.7 could

CVE-2024-35119 5.3 - Medium - June 30, 2024

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: 290342.

Generation of Error Message Containing Sensitive Information

IBM InfoSphere Information Server 11.7 returns sensitive information in URL information

CVE-2023-50954 5.3 - Medium - June 30, 2024

IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: 275776.

Use of GET Request Method With Sensitive Query Strings

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting

CVE-2024-28795 5.4 - Medium - June 30, 2024

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286832.

XSS

IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access

CVE-2023-35022 3.3 - Low - June 30, 2024

IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: 258254.

AuthZ

IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user

CVE-2024-22352 5.5 - Medium - March 21, 2024

IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 280361.

Insertion of Sensitive Information into Log File

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting

CVE-2023-50303 6.1 - Medium - February 28, 2024

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 273333.

XSS

IBM InfoSphere Information Server 11.7 could

CVE-2023-50955 2.7 - Low - February 21, 2024

IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. IBM X-Force ID: 275777.

Directory traversal

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting

CVE-2023-33843 5.4 - Medium - February 21, 2024

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 256544.

XSS

IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection

CVE-2023-22877 8.8 - High - August 28, 2023

IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 244368.

CSV Injection

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user

CVE-2023-23473 8.8 - High - August 28, 2023

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 245400.

Session Riding

IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration

CVE-2023-24959 7.5 - High - August 28, 2023

IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. IBM X-Force ID: 246332.

IBM Runtime Environment

CVE-2023-30441 7.5 - High - April 29, 2023

IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188.

IBM InfoSphere Information Server 8.1, 8.5, and 8,7 could

CVE-2012-4818 6.5 - Medium - September 29, 2022

IBM InfoSphere Information Server 8.1, 8.5, and 8,7 could allow a remote authenticated attacker to obtain sensitive information, caused by improper restrictions on directories. An attacker could exploit this vulnerability via the DataStage application to load or import content functionality to view arbitrary files on the system.

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection

CVE-2022-31768 9.8 - Critical - June 06, 2022

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

SQL Injection

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting

CVE-2021-38952 5.4 - Medium - April 28, 2022

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211408.

XSS

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting

CVE-2022-22322 5.4 - Medium - April 28, 2022

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 218370.

XSS

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting

CVE-2022-22427 6.1 - Medium - April 28, 2022

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 223720.

XSS

IBM InfoSphere Information Server 11.7 could

CVE-2022-22441 6.5 - Medium - April 28, 2022

IBM InfoSphere Information Server 11.7 could allow an authenticated user to view information of higher privileged users and groups due to a privilege escalation vulnerability. IBM X-Force ID: 224426.

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting

CVE-2022-22443 5.4 - Medium - April 28, 2022

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 224440.

XSS

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests

CVE-2021-38887 6.5 - Medium - November 10, 2021

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests that could be used in further attacks against the system. IBM X-Force ID: 209401.

Information Disclosure

IBM InfoSphere Information Server 11.7 could

CVE-2021-29875 7.5 - High - November 02, 2021

IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information due to a insecure third party domain access vulnerability. IBM X-Force ID: 206572.

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection

CVE-2021-29730 8.8 - High - July 09, 2021

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 201164.

SQL Injection

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting

CVE-2020-4997 5.4 - Medium - April 05, 2021

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192914

XSS

IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could

CVE-2020-27583 9.8 - Critical - January 26, 2021

IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could allow remote unauthenticated attackers to execute arbitrary code. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Marshaling, Unmarshaling

IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history

CVE-2020-4886 3.3 - Low - November 13, 2020

IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history that could be obtained by a user who has access to the same system. IBM X-Force ID: 190910.

Insecure Storage of Sensitive Information

IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to HTML injection

CVE-2020-4740 5.2 - Medium - October 12, 2020

IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 188150.

Injection

IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to stored cross-site scripting

CVE-2020-4741 5.4 - Medium - October 12, 2020

IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188197.

XSS

IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim

CVE-2020-4727 6.1 - Medium - September 25, 2020

IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.

Clickjacking

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting

CVE-2020-4702 5.4 - Medium - September 04, 2020

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187187.

XSS

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting

CVE-2020-4298 5.4 - Medium - May 19, 2020

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176475.

XSS

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user

CVE-2020-4286 6.5 - Medium - May 19, 2020

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176268.

Session Riding

IBM InfoSphere Information Server 11.3

CVE-2020-4347 7.3 - High - April 16, 2020

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subject to attacks based on privilege escalation due to inappropriate file permissions for files used by WebSphere Application Server Network Deployment. IBM X-Force ID: 178412.

Improper Privilege Management

IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross-site scripting

CVE-2020-4162 5.4 - Medium - March 10, 2020

IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174342.

XSS

A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can

CVE-2019-4237 5.4 - Medium - July 01, 2019

A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. IBM X-Force ID: 159419.

XSS

IBM InfoSphere Information Server 11.3

CVE-2018-1845 7.1 - High - June 17, 2019

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150905.

XXE

IBM InfoSphere Information Server 11.7.1 containers are vulnerable to privilege escalation due to an insecurely configured component

CVE-2019-4185 8.3 - High - June 06, 2019

IBM InfoSphere Information Server 11.7.1 containers are vulnerable to privilege escalation due to an insecurely configured component. IBM X-Force ID: 158975.

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting

CVE-2019-4238 5.4 - Medium - April 25, 2019

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159464.

XSS

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could

CVE-2018-1917 6.5 - Medium - April 02, 2019

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to access JSP files and disclose sensitive information. IBM X-Force ID: 152784.

Information Disclosure

IBM InfoSphere Information Server 11.3, 11.5, and 11.7could

CVE-2018-1906 6.5 - Medium - April 02, 2019

IBM InfoSphere Information Server 11.3, 11.5, and 11.7could allow an authenticated user to download code using a specially crafted HTTP request. IBM X-Force ID: 152663.

IBM InfoSphere Information Server 9.1

CVE-2018-1727 9.1 - Critical - February 15, 2019

IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147630.

XXE

IBM InfoSphere Information Server 11.7 could allow an authenciated user under specialized conditions to inject commands into the installation process

CVE-2018-1701 8.5 - High - February 15, 2019

IBM InfoSphere Information Server 11.7 could allow an authenciated user under specialized conditions to inject commands into the installation process that would execute on the WebSphere Application Server. IBM X-Force ID: 145970.

IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability

CVE-2018-1518 5.5 - Medium - October 18, 2018

IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that could allow a local user to obtain highly sensitive information. IBM X-Force ID: 141682.

Inadequate Encryption Strength

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could

CVE-2018-1454 5.9 - Medium - June 05, 2018

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 140089.

Cleartext Transmission of Sensitive Information

IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability

CVE-2018-1432 6.1 - Medium - June 05, 2018

IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking attack to conduct phishing, frame sniffing, social engineering or Cross-Site Request Forgery attacks. IBM X-Force ID: 139360.

Clickjacking

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for IBM Infosphere Information Server or by IBM? Click the Watch button to subscribe.

IBM
Vendor

subscribe