Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Ibm Subscribe
Filtered by product Infosphere Information Server
Total 107 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-1906 1 Ibm 2 Infosphere Information Server, Infosphere Information Server On Cloud 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
IBM InfoSphere Information Server 11.3, 11.5, and 11.7could allow an authenticated user to download code using a specially crafted HTTP request. IBM X-Force ID: 152663.
CVE-2018-1701 1 Ibm 2 Infosphere Information Server, Infosphere Information Server On Cloud 2019-10-09 6.0 MEDIUM 8.5 HIGH
IBM InfoSphere Information Server 11.7 could allow an authenciated user under specialized conditions to inject commands into the installation process that would execute on the WebSphere Application Server. IBM X-Force ID: 145970.
CVE-2018-1518 1 Ibm 2 Infosphere Information Server, Infosphere Information Server On Cloud 2019-10-09 2.1 LOW 5.5 MEDIUM
IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that could allow a local user to obtain highly sensitive information. IBM X-Force ID: 141682.
CVE-2018-1727 1 Ibm 1 Infosphere Information Server 2019-10-09 6.4 MEDIUM 9.1 CRITICAL
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147630.
CVE-2017-1350 1 Ibm 1 Infosphere Information Server 2019-10-09 7.2 HIGH 7.8 HIGH
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allow a user to escalate their privileges to administrator due to improper access controls. IBM X-Force ID: 126526.
CVE-2017-1467 1 Ibm 2 Infosphere Information Server, Softlayer 2019-10-02 6.8 MEDIUM 8.1 HIGH
A network layer security vulnerability in InfoSphere Information Server 9.1, 11.3, and 11.5 can lead to privilege escalation or unauthorized access. IBM X-Force ID: 128466.
CVE-2017-1468 1 Ibm 2 Infosphere Information Server, Softlayer 2019-10-02 4.6 MEDIUM 7.8 HIGH
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-force ID: 128467.
CVE-2016-0250 1 Ibm 1 Infosphere Information Server 2018-04-09 5.5 MEDIUM 5.4 MEDIUM
XML external entity (XXE) vulnerability in IBM InfoSphere Information Governance Catalog 11.3 before 11.3.1.2 and 11.5 before 11.5.0.1 allows remote authenticated users to read arbitrary files or cause a denial of service via crafted XML data. IBM X-Force ID: 110510.
CVE-2015-7490 1 Ibm 1 Infosphere Information Server 2017-09-07 3.5 LOW 3.1 LOW
IBM InfoSphere Information Server 8.5 through FP3, 8.7 through FP2, 9.1 through 9.1.2.0, 11.3 through 11.3.1.2, and 11.5 allows remote authenticated users to bypass intended access restrictions via a modified cookie.
CVE-2014-3071 1 Ibm 1 Infosphere Information Server 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Data Quality Console in IBM InfoSphere Information Server 11.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL for adding a project connection.
CVE-2013-4059 1 Ibm 1 Infosphere Information Server 2017-08-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified interfaces.
CVE-2013-0502 1 Ibm 1 Infosphere Information Server 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server 8.1, 8.5 through FP3, 8.7 through FP2, and 9.1 allows remote attackers to inject arbitrary web script or HTML via a malformed URL.
CVE-2013-0585 1 Ibm 1 Infosphere Information Server 2017-08-28 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to the (1) web console and (2) repository management user interfaces.
CVE-2013-3034 1 Ibm 1 Infosphere Information Server 2017-08-28 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the web console.
CVE-2013-5440 1 Ibm 1 Infosphere Information Server 2017-08-28 2.1 LOW N/A
IBM InfoSphere Information Server 8.0, 8.1, 8.5, 8.7, and 9.1 allows local users to obtain sensitive information in opportunistic circumstances by leveraging the presence of file content after a failed installation.
CVE-2013-4067 1 Ibm 1 Infosphere Information Server 2017-08-28 5.8 MEDIUM N/A
IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to hijack sessions and read cookie values, or conduct phishing attacks to capture credentials, via unspecified vectors.
CVE-2013-4066 1 Ibm 1 Infosphere Information Server 2017-08-28 4.3 MEDIUM N/A
IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to conduct clickjacking attacks by creating an overlay interface on top of the Web Console interface.
CVE-2013-3040 1 Ibm 1 Infosphere Information Server 2017-08-28 5.0 MEDIUM N/A
IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 produces login-failure messages indicating whether the username or password is incorrect, which allows remote attackers to enumerate user accounts via a brute-force attack.
CVE-2013-4056 1 Ibm 1 Infosphere Information Server 2017-08-28 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the Data Quality Console and Information Analyzer components in IBM InfoSphere Information Server 8.7 through FP2 and 9.1 through 9.1.2.0 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2013-4057 1 Ibm 1 Infosphere Information Server 2017-08-28 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the XML Pack in IBM InfoSphere Information Server 8.5.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allows remote attackers to hijack the authentication of arbitrary users.