IBM Infosphere Information Server
By the Year
In 2024 there have been 1 vulnerability in IBM Infosphere Information Server with an average score of 5.5 out of ten. Last year Infosphere Information Server had 4 security vulnerabilities published. Right now, Infosphere Information Server is on track to have less security vulnerabilities in 2024 than it did last year. Last year, the average CVE base score was greater by 2.65
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 1 | 5.50 |
| 2023 | 4 | 8.15 |
| 2022 | 7 | 6.44 |
| 2021 | 5 | 7.60 |
| 2020 | 9 | 5.56 |
| 2019 | 8 | 7.10 |
| 2018 | 3 | 5.83 |
It may take a day or so for new Infosphere Information Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent IBM Infosphere Information Server Security Vulnerabilities
IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user
CVE-2024-22352
5.5 - Medium
- March 21, 2024
IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 280361.
Insertion of Sensitive Information into Log File
IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection
CVE-2023-22877
8.8 - High
- August 28, 2023
IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 244368.
CSV Injection
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user
CVE-2023-23473
8.8 - High
- August 28, 2023
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 245400.
Session Riding
IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration
CVE-2023-24959
7.5 - High
- August 28, 2023
IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. IBM X-Force ID: 246332.
IBM Runtime Environment
CVE-2023-30441
7.5 - High
- April 29, 2023
IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188.
IBM InfoSphere Information Server 8.1, 8.5, and 8,7 could
CVE-2012-4818
6.5 - Medium
- September 29, 2022
IBM InfoSphere Information Server 8.1, 8.5, and 8,7 could allow a remote authenticated attacker to obtain sensitive information, caused by improper restrictions on directories. An attacker could exploit this vulnerability via the DataStage application to load or import content functionality to view arbitrary files on the system.
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection
CVE-2022-31768
9.8 - Critical
- June 06, 2022
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
SQL Injection
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting
CVE-2021-38952
5.4 - Medium
- April 28, 2022
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211408.
XSS
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting
CVE-2022-22443
5.4 - Medium
- April 28, 2022
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 224440.
XSS
IBM InfoSphere Information Server 11.7 could
CVE-2022-22441
6.5 - Medium
- April 28, 2022
IBM InfoSphere Information Server 11.7 could allow an authenticated user to view information of higher privileged users and groups due to a privilege escalation vulnerability. IBM X-Force ID: 224426.
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting
CVE-2022-22427
6.1 - Medium
- April 28, 2022
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 223720.
XSS
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting
CVE-2022-22322
5.4 - Medium
- April 28, 2022
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 218370.
XSS
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests
CVE-2021-38887
6.5 - Medium
- November 10, 2021
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests that could be used in further attacks against the system. IBM X-Force ID: 209401.
Information Disclosure
IBM InfoSphere Information Server 11.7 could
CVE-2021-29875
7.5 - High
- November 02, 2021
IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information due to a insecure third party domain access vulnerability. IBM X-Force ID: 206572.
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection
CVE-2021-29730
8.8 - High
- July 09, 2021
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 201164.
SQL Injection
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting
CVE-2020-4997
5.4 - Medium
- April 05, 2021
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192914
XSS
IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could
CVE-2020-27583
9.8 - Critical
- January 26, 2021
IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could allow remote unauthenticated attackers to execute arbitrary code. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Marshaling, Unmarshaling
IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history
CVE-2020-4886
3.3 - Low
- November 13, 2020
IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history that could be obtained by a user who has access to the same system. IBM X-Force ID: 190910.
Insecure Storage of Sensitive Information
IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to stored cross-site scripting
CVE-2020-4741
5.4 - Medium
- October 12, 2020
IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188197.
XSS
IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to HTML injection
CVE-2020-4740
5.2 - Medium
- October 12, 2020
IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 188150.
Injection
IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim
CVE-2020-4727
6.1 - Medium
- September 25, 2020
IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
Clickjacking
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting
CVE-2020-4702
5.4 - Medium
- September 04, 2020
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187187.
XSS
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting
CVE-2020-4298
5.4 - Medium
- May 19, 2020
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176475.
XSS
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user
CVE-2020-4286
6.5 - Medium
- May 19, 2020
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176268.
Session Riding
IBM InfoSphere Information Server 11.3
CVE-2020-4347
7.3 - High
- April 16, 2020
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subject to attacks based on privilege escalation due to inappropriate file permissions for files used by WebSphere Application Server Network Deployment. IBM X-Force ID: 178412.
Improper Privilege Management
IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross-site scripting
CVE-2020-4162
5.4 - Medium
- March 10, 2020
IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174342.
XSS
A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can
CVE-2019-4237
5.4 - Medium
- July 01, 2019
A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. IBM X-Force ID: 159419.
XSS
IBM InfoSphere Information Server 11.3
CVE-2018-1845
7.1 - High
- June 17, 2019
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150905.
XXE
IBM InfoSphere Information Server 11.7.1 containers are vulnerable to privilege escalation due to an insecurely configured component
CVE-2019-4185
8.3 - High
- June 06, 2019
IBM InfoSphere Information Server 11.7.1 containers are vulnerable to privilege escalation due to an insecurely configured component. IBM X-Force ID: 158975.
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting
CVE-2019-4238
5.4 - Medium
- April 25, 2019
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159464.
XSS
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could
CVE-2018-1917
6.5 - Medium
- April 02, 2019
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to access JSP files and disclose sensitive information. IBM X-Force ID: 152784.
Information Disclosure
IBM InfoSphere Information Server 11.3, 11.5, and 11.7could
CVE-2018-1906
6.5 - Medium
- April 02, 2019
IBM InfoSphere Information Server 11.3, 11.5, and 11.7could allow an authenticated user to download code using a specially crafted HTTP request. IBM X-Force ID: 152663.
IBM InfoSphere Information Server 9.1
CVE-2018-1727
9.1 - Critical
- February 15, 2019
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147630.
XXE
IBM InfoSphere Information Server 11.7 could allow an authenciated user under specialized conditions to inject commands into the installation process
CVE-2018-1701
8.5 - High
- February 15, 2019
IBM InfoSphere Information Server 11.7 could allow an authenciated user under specialized conditions to inject commands into the installation process that would execute on the WebSphere Application Server. IBM X-Force ID: 145970.
IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability
CVE-2018-1518
5.5 - Medium
- October 18, 2018
IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that could allow a local user to obtain highly sensitive information. IBM X-Force ID: 141682.
Inadequate Encryption Strength
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability
CVE-2018-1432
6.1 - Medium
- June 05, 2018
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking attack to conduct phishing, frame sniffing, social engineering or Cross-Site Request Forgery attacks. IBM X-Force ID: 139360.
Clickjacking
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could
CVE-2018-1454
5.9 - Medium
- June 05, 2018
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 140089.
Cleartext Transmission of Sensitive Information
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for IBM Infosphere Information Server or by IBM? Click the Watch button to subscribe.
