National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:ibm:infosphere_information_server_on_cloud:11.7
There are 12 matching records.
Vuln ID Summary CVSS Severity
CVE-2019-4237

A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. IBM X-Force ID: 159419.

Published: July 01, 2019; 11:15:12 AM -04:00
V3.0: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2018-1845

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150905.

Published: June 17, 2019; 11:15:12 AM -04:00
V3.0: 7.1 HIGH
    V2: 5.5 MEDIUM
CVE-2019-4257

IBM InfoSphere Information Server 11.5 and 11.7 is affected by an information disclosure vulnerability. Sensitive information in an error message may be used to conduct further attacks against the system. IBM X-Force ID: 159945.

Published: June 06, 2019; 05:29:01 PM -04:00
V3.0: 4.3 MEDIUM
    V2: 4.0 MEDIUM
CVE-2019-4238

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159464.

Published: April 25, 2019; 11:29:01 AM -04:00
V3.0: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2018-1994

IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 154494.

Published: April 10, 2019; 11:29:00 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2018-1917

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to access JSP files and disclose sensitive information. IBM X-Force ID: 152784.

Published: April 02, 2019; 10:29:00 AM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2018-1906

IBM InfoSphere Information Server 11.3, 11.5, and 11.7could allow an authenticated user to download code using a specially crafted HTTP request. IBM X-Force ID: 152663.

Published: April 02, 2019; 10:29:00 AM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2018-1899

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an attacker to change one of the settings related to InfoSphere Business Glossary Anywhere due to improper access control. IBM X-Force ID: 152528.

Published: March 05, 2019; 01:29:00 PM -05:00
V3.0: 4.3 MEDIUM
    V2: 3.3 LOW
CVE-2018-1875

IBM InfoSphere Information Governance Catalog 11.3, 11.5, and 11.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 151639.

Published: March 05, 2019; 01:29:00 PM -05:00
V3.0: 6.1 MEDIUM
    V2: 5.8 MEDIUM
CVE-2018-1895

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152159.

Published: February 15, 2019; 03:29:00 PM -05:00
V3.0: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2018-1701

IBM InfoSphere Information Server 11.7 could allow an authenciated user under specialized conditions to inject commands into the installation process that would execute on the WebSphere Application Server. IBM X-Force ID: 145970.

Published: February 15, 2019; 03:29:00 PM -05:00
V3.0: 8.5 HIGH
    V2: 6.0 MEDIUM
CVE-2018-1518

IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that could allow a local user to obtain highly sensitive information. IBM X-Force ID: 141682.

Published: October 18, 2018; 11:29:00 AM -04:00
V3.0: 5.5 MEDIUM
    V2: 2.1 LOW