U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:ibm:infosphere_information_server:8.5.0.1
There are 22 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2022-41733

IBM InfoSphere Information Server 11.7 could allow a remote attacked to cause some of the components to be unusable until the process is restarted. IBM X-Force ID: 237583.

Published: January 20, 2023; 2:15:15 PM -0500
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2015-7490

IBM InfoSphere Information Server 8.5 through FP3, 8.7 through FP2, 9.1 through 9.1.2.0, 11.3 through 11.3.1.2, and 11.5 allows remote authenticated users to bypass intended access restrictions via a modified cookie.

Published: March 03, 2016; 5:59:09 PM -0500
V3.0: 3.1 LOW
V2.0: 3.5 LOW
CVE-2015-1901

The installer in IBM InfoSphere Information Server 8.5 through 11.3 before 11.3.1.2 allows local users to obtain sensitive information via unspecified commands.

Published: June 28, 2015; 10:59:01 AM -0400
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2013-4059

Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified interfaces.

Published: March 16, 2014; 10:06:44 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-4058

Multiple SQL injection vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote authenticated users to execute arbitrary SQL commands via unspecified interfaces.

Published: March 16, 2014; 10:06:44 AM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2013-4057

Cross-site request forgery (CSRF) vulnerability in the XML Pack in IBM InfoSphere Information Server 8.5.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allows remote attackers to hijack the authentication of arbitrary users.

Published: March 16, 2014; 10:06:44 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-4067

IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to hijack sessions and read cookie values, or conduct phishing attacks to capture credentials, via unspecified vectors.

Published: October 02, 2013; 6:55:23 PM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2013-4066

IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to conduct clickjacking attacks by creating an overlay interface on top of the Web Console interface.

Published: October 02, 2013; 6:55:23 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-3040

IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 produces login-failure messages indicating whether the username or password is incorrect, which allows remote attackers to enumerate user accounts via a brute-force attack.

Published: August 15, 2013; 9:55:15 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2013-0502

Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server 8.1, 8.5 through FP3, 8.7 through FP2, and 9.1 allows remote attackers to inject arbitrary web script or HTML via a malformed URL.

Published: April 01, 2013; 3:55:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-4832

Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 and InfoSphere Business Glossary 8.1.1 and 8.1.2 does not have an off autocomplete attribute for the password field on the login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

Published: January 31, 2013; 7:06:18 AM -0500
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2012-4819

Cross-site scripting (XSS) vulnerability in InfoSphere Business Glossary 8.1.1 and 8.1.2, InfoSphere DataStage Operation Console, InfoSphere Administration, and Reporting and Repository Management Web Console in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: January 31, 2013; 7:06:18 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-0705

InfoSphere Import Export Manager in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, 8.7, and 9.1 does not validate unspecified input data, which allows remote authenticated users to execute arbitrary commands via unknown vectors.

Published: January 31, 2013; 7:06:17 AM -0500
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2012-0703

Open redirect vulnerability in Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Published: January 31, 2013; 7:06:17 AM -0500
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2012-0702

Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly determine authorization, which allows remote authenticated users to gain privileges via unspecified vectors.

Published: January 31, 2013; 7:06:17 AM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2012-0701

The client applications in the DataStage Administrator client in InfoSphere DataStage in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 rely on client-side access control, which allows remote authenticated users to gain privileges via unspecified vectors.

Published: January 31, 2013; 7:06:17 AM -0500
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2012-0700

The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly store credentials, which allows local users to bypass intended access restrictions via unspecified vectors.

Published: January 31, 2013; 7:06:17 AM -0500
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2012-0205

InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly restrict use of the troubleshooting feature, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (workbench outage) via unspecified vectors.

Published: January 31, 2013; 7:06:17 AM -0500
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2012-0204

Untrusted search path vulnerability in InfoSphere Import Export Manager 8.1 through 9.1 in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, 8.7, and 9.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

Published: January 31, 2013; 7:06:17 AM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-0203

Cross-site scripting (XSS) vulnerability in InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: January 31, 2013; 7:06:17 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM