Product
ibm infosphere information server
188 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-2485
>= 11.7.0.0 and <= 11.7.1.6
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to stored cross-site scripting. This vulnerability all
4.8
MEDIUM
CVE-2026-2484
>= 11.7.0.0 and <= 11.7.1.6
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by over
4.3
MEDIUM
CVE-2026-2483
>= 11.7.0.0 and <= 11.7.1.6
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to cross-site scripting. This vulnerability allows us
5.4
MEDIUM
CVE-2026-1262
>= 11.7.0.0 and <= 11.7.1.6
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.
4.3
MEDIUM
CVE-2026-1015
>= 11.7.0.0 and <= 11.7.1.6
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an
5.4
MEDIUM
CVE-2026-1014
>= 11.7.0.0 and <= 11.7.1.6
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server res
6.5
MEDIUM
CVE-2025-36422
>= 11.7.0.0 and <= 11.7.1.6
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer is vulnerable to cross-site req
4.3
MEDIUM
CVE-2025-36258
>= 11.7.0.0 and <= 11.7.1.6
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in pla
7.1
HIGH
CVE-2025-14974
>= 11.7.0.0 and <= 11.7.1.6
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference (IDOR).
5.7
MEDIUM
CVE-2025-14912
>= 11.7.0.0 and <= 11.7.1.6
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an
5.4
MEDIUM
CVE-2025-14810
>= 11.7.0.0 and <= 11.7.1.6
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified whic
6.3
MEDIUM
CVE-2025-14808
>= 11.7.0.0 and <= 11.7.1.6
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information from the query
3.1
LOW
CVE-2025-14807
>= 11.7.0.0 and <= 11.7.1.6
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to HTTP header injection, caused by improper validation
6.5
MEDIUM
CVE-2025-14790
>= 11.7.0.0 and <= 11.7.1.6
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due to insuffi
6.5
MEDIUM
CVE-2026-1567
>= 11.7 and <= 11.7.1.6
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 An XML External Entity (XXE) vulnerability in IBM InfoSphere Informati
7.1
HIGH
CVE-2026-1265
>= 11.7 and <= 11.7.1.6
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive Information in a log file.
4.3
MEDIUM
CVE-2025-12832
>= 11.7 and <= 11.7.1.6
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an
4.6
MEDIUM
CVE-2025-12531
>= 11.7 and <= 11.7.1.6
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity injection (XXE) attack when pr
7.1
HIGH
CVE-2025-33003
>= 11.7 and <= 11.7.1.6
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a non-root user to gain higher privileges/capabilities wit
7.8
HIGH
CVE-2025-36245
>= 11.7 and <= 11.7.1.6
IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with e
8.8
HIGH
CVE-2025-36034
all versions
IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API reque
5.3
MEDIUM
CVE-2025-0966
>= 11.7 and < 11.7.1
IBM InfoSphere Information Server 11.7 vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements,
7.6
HIGH
CVE-2025-3629
>= 11.7 and <= 11.7.1.6
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an authenticated user to delete another user's comments
4.3
MEDIUM
CVE-2025-3221
>= 11.7 and <= 11.7.1.6
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to cause a denial of service due to insu
7.5
HIGH
CVE-2025-1499
all versions
IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file tha
6.5
MEDIUM
CVE-2025-1138
all versions
IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further att
4.3
MEDIUM
CVE-2025-25046
all versions
IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters tha
3.7
LOW
CVE-2025-25045
>= 11.7 and < 11.7.1
IBM InfoSphere Information 11.7 Server authenticated user to obtain sensitive information when a detailed technical error message
4.3
MEDIUM
CVE-2024-22351
>= 11.7 and < 11.7.1
IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user to imperso
6.3
MEDIUM
CVE-2024-55895
>= 11.7 and < 11.7.1
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical err
2.7
LOW
CVE-2024-7577
>= 11.7 and < 11.7.1
IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the pro
4.4
MEDIUM
CVE-2024-51477
>= 11.7 and < 11.7.1
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive username information due to an observabl
4.3
MEDIUM
CVE-2024-43186
>= 11.7 and < 11.7.1
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally un
5.3
MEDIUM
CVE-2024-51459
>= 11.7 and < 11.7.1.136
IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of per
8.4
HIGH
CVE-2024-40706
all versions
IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further
5.3
MEDIUM
CVE-2024-52363
all versions
IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send
6.5
MEDIUM
CVE-2021-29827
all versions
IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a
5.2
MEDIUM
CVE-2024-52901
all versions
IBM InfoSphere Information Server 11.7 could allow an authenticated user to GUI to not load or stop working due to improper input
6.5
MEDIUM
CVE-2024-51460
all versions
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical
4.3
MEDIUM
CVE-2023-23472
all versions
IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive
3.1
LOW
CVE-2024-40705
all versions
IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploa
6.5
MEDIUM
CVE-2024-40704
all versions
IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request h
4.9
MEDIUM
CVE-2024-39751
all versions
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical err
4.3
MEDIUM
CVE-2024-40689
all versions
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statemen
6.0
MEDIUM
CVE-2024-37533
all versions
IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machi
2.4
LOW
CVE-2024-40690
all versions
IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitra
5.4
MEDIUM
CVE-2024-28794
all versions
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary J
5.4
MEDIUM
CVE-2023-50964
all versions
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary J
5.4
MEDIUM
CVE-2024-31898
all versions
IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing auth
5.4
MEDIUM
CVE-2024-28797
all versions
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbi
6.4
MEDIUM
CVE-2023-50953
all versions
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical err
5.4
MEDIUM
CVE-2023-50952
all versions
IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attack
5.4
MEDIUM
CVE-2024-35119
all versions
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical err
5.3
MEDIUM
CVE-2024-31902
all versions
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malici
4.3
MEDIUM
CVE-2024-28798
all versions
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbi
7.2
HIGH
CVE-2023-50954
all versions
IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks agai
4.3
MEDIUM
CVE-2024-28795
all versions
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary J
5.4
MEDIUM
CVE-2023-35022
all versions
IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to acce
3.3
LOW
CVE-2024-22352
all versions
IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user.
6.5
MEDIUM
CVE-2023-50303
all versions
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary J
6.1
MEDIUM
CVE-2023-50955
all versions
IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server
2.4
LOW
CVE-2023-33843
all versions
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary J
5.4
MEDIUM
CVE-2023-46174
>= 11.7.0.0 and < 11.7.1.0
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary J
5.4
MEDIUM
CVE-2023-43021
>= 11.7.0.0 and < 11.7.1.0
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical err
5.3
MEDIUM
CVE-2023-42022
>= 11.7.0.0 and < 11.7.1.0
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary J
5.4
MEDIUM
CVE-2023-42019
>= 11.7.0.0 and < 11.7.1.0
IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation
5.9
MEDIUM
CVE-2023-42009
>= 11.7.0.0 and < 11.7.1.0
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary J
5.4
MEDIUM
CVE-2023-40699
>= 11.7.0.0 and < 11.7.1.0
IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation
7.5
HIGH
CVE-2023-43015
>= 11.7.0.0 and < 11.7.1.0
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary J
5.4
MEDIUM
CVE-2023-38268
>= 11.7.0.0 and < 11.7.1.0
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malici
4.3
MEDIUM
CVE-2023-40363
all versions
IBM InfoSphere Information Server 11.7 could allow an authenticated user to change installation files due to incorrect file permis
8.1
HIGH
CVE-2023-24959
>= 11.7.0.0 and < 11.7.1.0
IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. IBM X-Force
5.3
MEDIUM
CVE-2023-23473
>= 11.7.0.0 and < 11.7.1.0
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malici
5.3
MEDIUM
CVE-2023-22877
>= 11.7.0.0 and < 11.7.1.0
IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary comma
7.0
HIGH
CVE-2023-35898
all versions
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information due to an insecure securi
4.3
MEDIUM
CVE-2023-33857
all versions
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain system information using a specially crafted query
5.3
MEDIUM
CVE-2023-32336
all versions
IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an
8.8
HIGH
CVE-2023-28529
all versions
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbi
5.5
MEDIUM
CVE-2023-22878
all versions
IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. IBM X-Force
6.2
MEDIUM
CVE-2022-47984
all versions
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statemen
6.3
MEDIUM
CVE-2023-30441
all versions
IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive in
7.5
HIGH
CVE-2023-25928
all versions
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary J
4.6
MEDIUM
CVE-2023-24960
all versions
IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send
7.5
HIGH
CVE-2023-24964
all versions
IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from a log files. IBM X-Force ID:
6.2
MEDIUM
CVE-2023-23475
all versions
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary J
4.6
MEDIUM
CVE-2022-47983
all versions
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary J
5.4
MEDIUM
CVE-2022-41733
< 11.7.1.4
IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause some of the components to be unusable until the proc
5.3
MEDIUM
CVE-2022-40752
all versions
IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special element
9.8
CRITICAL
CVE-2022-40753
all versions
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary J
5.4
MEDIUM
CVE-2022-40747
all versions
IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A
9.1
CRITICAL
CVE-2022-40235
all versions
IBM InfoSphere Information Server 11.7 could allow a user to cause a denial of service by removing the ability to run jobs due to
6.5
MEDIUM
CVE-2022-35717
all versions
IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system b
7.8
HIGH
CVE-2022-35642
all versions
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary
5.4
MEDIUM
CVE-2022-30615
all versions
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary
5.4
MEDIUM
CVE-2022-30608
all versions
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malic
8.8
HIGH
CVE-2022-22442
all versions
IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated
6.5
MEDIUM
CVE-2022-22425
all versions
IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary comm
9.8
CRITICAL
CVE-2022-41291
all versions
IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to imperso
6.5
MEDIUM
CVE-2022-36772
all versions
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that should only be avail
6.5
MEDIUM
CVE-2012-4818
all versions
IBM InfoSphere Information Server 8.1, 8.5, and 8.7 could allow a remote authenticated attacker to obtain sensitive information, c
6.5
MEDIUM
CVE-2022-40748
all versions
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary J
5.4
MEDIUM
CVE-2022-35715
all versions
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical err
7.5
HIGH
CVE-2022-22373
all versions
An improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs may lead to creation
5.4
MEDIUM
CVE-2022-31768
all versions
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statemen
9.8
CRITICAL
CVE-2022-22443
all versions
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary J
5.4
MEDIUM
CVE-2022-22441
all versions
IBM InfoSphere Information Server 11.7 could allow an authenticated user to view information of higher privileged users and groups
6.5
MEDIUM
CVE-2022-22427
all versions
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary J
6.1
MEDIUM
CVE-2022-22322
all versions
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary J
5.4
MEDIUM
CVE-2021-38952
all versions
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary J
5.4
MEDIUM
CVE-2021-38887
all versions
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response
6.5
MEDIUM
CVE-2021-38948
all versions
IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A
9.1
CRITICAL
CVE-2021-29888
all versions
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malici
8.8
HIGH
CVE-2021-29875
all versions
IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information due to an insecure third party domai
7.5
HIGH
CVE-2021-29771
all versions
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary J
5.4
MEDIUM
CVE-2021-29738
all versions
IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 11.7) is vulnerable to server-side request forgery (SSRF). T
5.4
MEDIUM
CVE-2021-29737
all versions
IBM InfoSphere Data Flow Designer Engine (IBM InfoSphere Information Server 11.7) component has improper validation of the REST A
7.5
HIGH
CVE-2021-29730
all versions
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statemen
8.8
HIGH
CVE-2021-29712
all versions
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary J
6.1
MEDIUM
CVE-2021-29681
all versions
IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information by injecting parameters into an HTM
5.3
MEDIUM
CVE-2021-29747
all versions
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain highly sensitive information due to a vulnerability
7.5
HIGH
CVE-2020-4997
all versions
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary J
5.4
MEDIUM
CVE-2020-27583
all versions
IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could allow remote unauthenticate
9.8
CRITICAL
CVE-2020-4886
all versions
IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history that could be obtained by a user who
3.3
LOW
CVE-2020-4741
all versions
IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to e
5.4
MEDIUM
CVE-2020-4740
all versions
IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to HTML injection. A remote attacker could inject malicious HTML cod
5.2
MEDIUM
CVE-2020-4727
all versions
IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a
6.1
MEDIUM
CVE-2020-4702
all versions
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbi
5.4
MEDIUM
CVE-2020-4305
>= 11.7.0.0 and <= 11.7.1.1
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caus
8.8
HIGH
CVE-2020-4298
all versions
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to e
5.4
MEDIUM
CVE-2020-4286
all versions
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker t
6.5
MEDIUM
CVE-2020-4347
all versions
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subject to attacks based on privilege escalation due to inappropri
7.3
HIGH
CVE-2020-4162
all versions
IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed ar
5.4
MEDIUM
CVE-2013-0507
all versions
IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1 has a Session Fixation Vulnerability
8.1
HIGH
CVE-2019-4237
all versions
A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the
5.4
MEDIUM
CVE-2018-1845
all versions
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processi
7.1
HIGH
CVE-2019-4185
all versions
IBM InfoSphere Information Server 11.7.1 containers are vulnerable to privilege escalation due to an insecurely configured compone
8.3
HIGH
CVE-2019-4238
all versions
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to e
5.4
MEDIUM
CVE-2018-1917
all versions
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to access JSP files and disclose sensitiv
3.5
LOW
CVE-2018-1906
all versions
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to download code using a specially crafted
4.3
MEDIUM
CVE-2018-1727
all versions
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when pro
7.1
HIGH
CVE-2018-1701
all versions
IBM InfoSphere Information Server 11.7 could allow an authenticated user under specialized conditions to inject commands into the i
8.5
HIGH
CVE-2018-1518
all versions
IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that could allow a local user to ob
6.2
MEDIUM
CVE-2018-1454
all versions
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to obtain sensitive information, caused by th
5.9
MEDIUM
CVE-2018-1432
all versions
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that a
6.1
MEDIUM
CVE-2017-1350
all versions
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allow a user to escalate their privileges to administrator due t
8.4
HIGH
CVE-2016-0250
>= 11.3 and < 11.3.1.2
XML external entity (XXE) vulnerability in IBM InfoSphere Information Governance Catalog 11.3 before 11.3.1.2 and 11.5 before 11.5
5.4
MEDIUM
CVE-2017-1469
all versions
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary fi
7.8
HIGH
CVE-2017-1495
all versions
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a privileged user to cause a memory dump that could contain high
4.9
MEDIUM
CVE-2017-1468
all versions
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary fi
7.8
HIGH
CVE-2017-1467
all versions
A network layer security vulnerability in InfoSphere Information Server 9.1, 11.3, and 11.5 can lead to privilege escalation or un
8.1
HIGH
CVE-2017-1383
all versions
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processin
9.1
CRITICAL
CVE-2017-1321
all versions
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to em
6.1
MEDIUM
CVE-2015-7493
all versions
IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation pro
4.7
MEDIUM
CVE-2016-8999
all versions
IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability that allows attackers to render a page
5.4
MEDIUM
CVE-2016-6059
all versions
IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error whe
8.1
HIGH
CVE-2016-5994
all versions
IBM InfoSphere Information Server contains a vulnerability that would allow an authenticated user to browse any file on the engine
6.5
MEDIUM
CVE-2016-5984
all versions
IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote
6.1
MEDIUM
CVE-2015-7490
all versions
IBM InfoSphere Information Server 8.5 through FP3, 8.7 through FP2, 9.1 through 9.1.2.0, 11.3 through 11.3.1.2, and 11.5 allows re
3.1
LOW
CVE-2015-5021
all versions
IBM InfoSphere Information Server 11.3 and 11.5 allows remote authenticated DataStage users to bypass intended job-execution restr
CVE-2015-1901
all versions
The installer in IBM InfoSphere Information Server 8.5 through 11.3 before 11.3.1.2 allows local users to obtain sensitive informa
CVE-2015-0180
all versions
The Connector Migration Tool in IBM InfoSphere Information Server 8.1 through 11.3 allows remote authenticated users to bypass int
CVE-2014-3071
all versions
Cross-site scripting (XSS) vulnerability in the Data Quality Console in IBM InfoSphere Information Server 11.3 allows remote attac
CVE-2013-4059
all versions
Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP
CVE-2013-4058
all versions
Multiple SQL injection vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x
CVE-2013-4057
all versions
Cross-site request forgery (CSRF) vulnerability in the XML Pack in IBM InfoSphere Information Server 8.5.x through 8.5 FP3, 8.7.x
CVE-2013-5440
all versions
IBM InfoSphere Information Server 8.0, 8.1, 8.5, 8.7, and 9.1 allows local users to obtain sensitive information in opportunistic
CVE-2013-4056
all versions
Cross-site request forgery (CSRF) vulnerability in the Data Quality Console and Information Analyzer components in IBM InfoSphere
CVE-2013-4067
all versions
IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to hijack sessions and read cook
CVE-2013-4066
all versions
IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to conduct clickjacking attacks
CVE-2013-3040
all versions
IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 produces login-failure messages indicating whether the
CVE-2013-3034
<= 8.5
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 allows rem
CVE-2013-0585
all versions
Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1
CVE-2013-0502
all versions
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server 8.1, 8.5 through FP3, 8.7 through FP2, and 9.1 allow
CVE-2012-5938
all versions
The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions
CVE-2012-4832
all versions
Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 and InfoSphere Business Glo
CVE-2012-4819
all versions
Cross-site scripting (XSS) vulnerability in InfoSphere Business Glossary 8.1.1 and 8.1.2, InfoSphere DataStage Operation Console,
CVE-2012-0705
all versions
InfoSphere Import Export Manager in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server
CVE-2012-0703
all versions
Open redirect vulnerability in Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and
CVE-2012-0702
all versions
Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly determine
CVE-2012-0701
all versions
The client applications in the DataStage Administrator client in InfoSphere DataStage in IBM InfoSphere Information Server 8.1, 8.
CVE-2012-0700
all versions
The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not prop
CVE-2012-0205
all versions
InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not pro
CVE-2012-0204
all versions
Untrusted search path vulnerability in InfoSphere Import Export Manager 8.1 through 9.1 in InfoSphere Information Server MetaBroke
CVE-2012-0203
all versions
Cross-site scripting (XSS) vulnerability in InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Serv
CVE-2011-3124
all versions
IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other
CVE-2011-3123
all versions
IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other
CVE-2009-4240
all versions
Multiple buffer overflows in unspecified setuid executables in the DataStage subsystem in IBM InfoSphere Information Server 8.1 be
CVE-2009-4239
all versions
Cross-site scripting (XSS) vulnerability in the Web console in IBM InfoSphere Information Server 8.1 before FP1 allows remote atta
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin