IBM Infosphere Information Server

IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file

CVE-2025-1499 6.5 - Medium - June 01, 2025

IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user.

Cleartext Storage of Sensitive Information

IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user

CVE-2025-1138 4.3 - Medium - May 15, 2025

IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing.

Exposure of Information Through Directory Listing

IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information

CVE-2024-40706 4.3 - Medium - January 24, 2025

IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system.

Exposure of Sensitive System Information to an Unauthorized Control Sphere

IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system

CVE-2024-52363 7.5 - High - January 17, 2025

IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

Directory traversal

IBM InfoSphere Information Server Clickjacking Vulnerability

CVE-2021-29827 5.2 - Medium - December 19, 2024

IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.

Clickjacking

IBM InfoSphere Information Server GUI Improper Input Validation Vulnerability

CVE-2024-52901 6.5 - Medium - December 12, 2024

IBM InfoSphere Information Server 11.7 could allow an authenticated user to GUI to not load or stop working due to improper input validation.

Improper Validation of Specified Quantity in Input

IBM InfoSphere DataStage Flow Designer Information Disclosure Vulnerability

CVE-2023-23472 6.5 - Medium - December 11, 2024

IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.

Exposure of Sensitive System Information to an Unauthorized Control Sphere

IBM InfoSphere Information Server: Authenticated User Information Disclosure via Stack Trace

CVE-2024-51460 4.3 - Medium - December 11, 2024

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system.

Generation of Error Message Containing Sensitive Information

IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers

CVE-2024-40704 4.9 - Medium - August 15, 2024

IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. IBM X-Force ID: 298277.

Insufficiently Protected Credentials

IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads

CVE-2024-40705 6.5 - Medium - August 15, 2024

IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads. IBM X-Force ID: 298279.

Amplification

IBM InfoSphere Information Server 11.7 could

CVE-2024-39751 4.3 - Medium - August 06, 2024

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 297429

Generation of Error Message Containing Sensitive Information

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection

CVE-2024-40689 9.8 - Critical - July 26, 2024

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. IBM X-Force ID: 297719.

SQL Injection

IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine

CVE-2024-37533 4.6 - Medium - July 24, 2024

IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. IBM X-Force ID: 294727.

Privacy violation

IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting

CVE-2024-40690 5.4 - Medium - July 12, 2024

IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 297720.

XSS

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting

CVE-2024-28794 5.4 - Medium - June 30, 2024

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286831.

XSS

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting

CVE-2023-50964 5.4 - Medium - June 30, 2024

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 276102.

XSS

IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF)

CVE-2023-50952 5.4 - Medium - June 30, 2024

IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 275774.

SSRF

IBM InfoSphere Information Server 11.7 could

CVE-2023-50953 4.3 - Medium - June 30, 2024

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. IBM X-Force ID: 275775.

Generation of Error Message Containing Sensitive Information

IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-site scripting

CVE-2024-28797 5.4 - Medium - June 30, 2024

IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 287136.

XSS

IBM InfoSphere Information Server 11.7 could

CVE-2024-31898 5.4 - Medium - June 30, 2024

IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. IBM X-Force ID: 288182.

Insecure Direct Object Reference / IDOR

IBM InfoSphere Information Server 11.7 returns sensitive information in URL information

CVE-2023-50954 5.3 - Medium - June 30, 2024

IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: 275776.

Use of GET Request Method With Sensitive Query Strings

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting

CVE-2024-28798 6.1 - Medium - June 30, 2024

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 287172.

XSS

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user

CVE-2024-31902 8.8 - High - June 30, 2024

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 289234.

Session Riding

IBM InfoSphere Information Server 11.7 could

CVE-2024-35119 5.3 - Medium - June 30, 2024

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: 290342.

Generation of Error Message Containing Sensitive Information

IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access

CVE-2023-35022 3.3 - Low - June 30, 2024

IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: 258254.

AuthZ

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting

CVE-2024-28795 5.4 - Medium - June 30, 2024

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286832.

XSS

IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user

CVE-2024-22352 5.5 - Medium - March 21, 2024

IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 280361.

Insertion of Sensitive Information into Log File

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting

CVE-2023-50303 6.1 - Medium - February 28, 2024

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 273333.

XSS

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting

CVE-2023-33843 5.4 - Medium - February 21, 2024

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 256544.

XSS

IBM InfoSphere Information Server 11.7 could

CVE-2023-50955 2.7 - Low - February 21, 2024

IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. IBM X-Force ID: 275777.

Directory traversal

IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration

CVE-2023-24959 7.5 - High - August 28, 2023

IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. IBM X-Force ID: 246332.

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user

CVE-2023-23473 8.8 - High - August 28, 2023

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 245400.

Session Riding

IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection

CVE-2023-22877 8.8 - High - August 28, 2023

IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 244368.

CSV Injection

IBM Runtime Environment

CVE-2023-30441 7.5 - High - April 29, 2023

IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188.

"IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection

CVE-2022-22425 9.8 - Critical - November 03, 2022

"IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 223598."

CSV Injection

"IBM InfoSphere Information Server 11.7 could

CVE-2022-40235 6.5 - Medium - November 03, 2022

"IBM InfoSphere Information Server 11.7 could allow a user to cause a denial of service by removing the ability to run jobs due to improper input validation. IBM X-Force ID: 235725."

Improper Input Validation

"IBM InfoSphere Information Server 11.7 could

CVE-2022-35717 7.8 - High - November 03, 2022

"IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-"Force ID: 231361.

Shell injection

"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting

CVE-2022-30615 5.4 - Medium - November 03, 2022

"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227592.

XSS

"IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data

CVE-2022-40747 9.1 - Critical - November 03, 2022

"IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 236584."

XXE

"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting

CVE-2022-35642 5.4 - Medium - November 03, 2022

"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227592."

XSS

"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a "user

CVE-2022-30608 8.8 - High - November 03, 2022

"IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a "user that the website trusts. IBM X-Force ID: 227295.

Session Riding

"IBM InfoSphere Information Server 11.7 could

CVE-2022-22442 6.5 - Medium - November 03, 2022

"IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls. IBM X-Force ID: 224427."

IBM InfoSphere Information Server 8.1, 8.5, and 8,7 could

CVE-2012-4818 6.5 - Medium - September 29, 2022

IBM InfoSphere Information Server 8.1, 8.5, and 8,7 could allow a remote authenticated attacker to obtain sensitive information, caused by improper restrictions on directories. An attacker could exploit this vulnerability via the DataStage application to load or import content functionality to view arbitrary files on the system.

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting

CVE-2022-40748 5.4 - Medium - September 23, 2022

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236586.

XSS

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection

CVE-2022-31768 9.8 - Critical - June 06, 2022

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

SQL Injection

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting

CVE-2021-38952 5.4 - Medium - April 28, 2022

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211408.

XSS

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting

CVE-2022-22443 5.4 - Medium - April 28, 2022

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 224440.

XSS

IBM InfoSphere Information Server 11.7 could

CVE-2022-22441 6.5 - Medium - April 28, 2022

IBM InfoSphere Information Server 11.7 could allow an authenticated user to view information of higher privileged users and groups due to a privilege escalation vulnerability. IBM X-Force ID: 224426.

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting

CVE-2022-22427 6.1 - Medium - April 28, 2022

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 223720.

XSS

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting

CVE-2022-22322 5.4 - Medium - April 28, 2022

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 218370.

XSS