Search Results (Refine Search)
- CPE Product Version: cpe:/a:ibm:infosphere_information_server_on_cloud:11.7
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-40752 |
IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. IBM X-Force ID: 236687. Published: November 16, 2022; 6:15:10 PM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-22442 |
"IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls. IBM X-Force ID: 224427." Published: November 03, 2022; 4:15:25 PM -0400 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2022-22454 |
IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Published: May 10, 2022; 12:15:08 PM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2020-4298 |
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176475. Published: May 19, 2020; 10:15:11 AM -0400 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2020-4286 |
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176268. Published: May 19, 2020; 10:15:11 AM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-4384 |
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 179265. Published: May 06, 2020; 10:15:10 AM -0400 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-4237 |
A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. IBM X-Force ID: 159419. Published: July 01, 2019; 11:15:12 AM -0400 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-1845 |
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150905. Published: June 17, 2019; 11:15:12 AM -0400 |
V3.1: 7.1 HIGH V2.0: 5.5 MEDIUM |
CVE-2019-4257 |
IBM InfoSphere Information Server 11.5 and 11.7 is affected by an information disclosure vulnerability. Sensitive information in an error message may be used to conduct further attacks against the system. IBM X-Force ID: 159945. Published: June 06, 2019; 5:29:01 PM -0400 |
V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2019-4238 |
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159464. Published: April 25, 2019; 11:29:01 AM -0400 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-1994 |
IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 154494. Published: April 10, 2019; 11:29:00 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-1917 |
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to access JSP files and disclose sensitive information. IBM X-Force ID: 152784. Published: April 02, 2019; 10:29:00 AM -0400 |
V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2018-1906 |
IBM InfoSphere Information Server 11.3, 11.5, and 11.7could allow an authenticated user to download code using a specially crafted HTTP request. IBM X-Force ID: 152663. Published: April 02, 2019; 10:29:00 AM -0400 |
V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2018-1899 |
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an attacker to change one of the settings related to InfoSphere Business Glossary Anywhere due to improper access control. IBM X-Force ID: 152528. Published: March 05, 2019; 1:29:00 PM -0500 |
V3.0: 4.3 MEDIUM V2.0: 3.3 LOW |
CVE-2018-1875 |
IBM InfoSphere Information Governance Catalog 11.3, 11.5, and 11.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 151639. Published: March 05, 2019; 1:29:00 PM -0500 |
V3.0: 6.1 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2018-1895 |
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152159. Published: February 15, 2019; 3:29:00 PM -0500 |
V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-1701 |
IBM InfoSphere Information Server 11.7 could allow an authenciated user under specialized conditions to inject commands into the installation process that would execute on the WebSphere Application Server. IBM X-Force ID: 145970. Published: February 15, 2019; 3:29:00 PM -0500 |
V3.0: 8.5 HIGH V2.0: 6.0 MEDIUM |
CVE-2018-1518 |
IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that could allow a local user to obtain highly sensitive information. IBM X-Force ID: 141682. Published: October 18, 2018; 11:29:00 AM -0400 |
V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |