Ibm Infosphere Information Server — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Infosphere Information Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (189)
CVE-2009-4240 — CVSS 10.0 (critical): Multiple buffer overflows in unspecified setuid executables in the DataStage subsystem in IBM InfoSphere Information Server 8.1 before FP1…
CVE-2022-31768 — CVSS 9.8 (critical): IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which…
CVE-2020-27583 — CVSS 9.8 (critical): IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could allow remote unauthenticated…
CVE-2022-40752 — CVSS 9.8 (critical): IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. IBM…
CVE-2022-22425 — CVSS 9.8 (critical): "IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on…
CVE-2012-0204 — CVSS 9.3 (critical): Untrusted search path vulnerability in InfoSphere Import Export Manager 8.1 through 9.1 in InfoSphere Information Server MetaBrokers &…
CVE-2021-38948 — CVSS 9.1 (critical): IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote…
CVE-2017-1383 — CVSS 9.1 (critical): IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML…
CVE-2022-40747 — CVSS 9.1 (critical): "IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote…
CVE-2025-36245 — CVSS 8.8 (high): IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated…
CVE-2021-29730 — CVSS 8.8 (high): IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which…
CVE-2023-32336 — CVSS 8.8 (high): IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI…
CVE-2021-29888 — CVSS 8.8 (high): IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and…
CVE-2020-4305 — CVSS 8.8 (high): IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the…
CVE-2022-30608 — CVSS 8.8 (high): "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and…
CVE-2018-1701 — CVSS 8.5 (high): IBM InfoSphere Information Server 11.7 could allow an authenciated user under specialized conditions to inject commands into the…
CVE-2024-51459 — CVSS 8.4 (high): IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of permissions.
CVE-2017-1350 — CVSS 8.4 (high): IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allow a user to escalate their privileges to administrator due to…
CVE-2019-4185 — CVSS 8.3 (high): IBM InfoSphere Information Server 11.7.1 containers are vulnerable to privilege escalation due to an insecurely configured component. IBM…
CVE-2017-1467 — CVSS 8.1 (high): A network layer security vulnerability in InfoSphere Information Server 9.1, 11.3, and 11.5 can lead to privilege escalation or…
CVE-2023-40363 — CVSS 8.1 (high): IBM InfoSphere Information Server 11.7 could allow an authenticated user to change installation files due to incorrect file permission…
CVE-2016-6059 — CVSS 8.1 (high): IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when…
CVE-2017-1468 — CVSS 7.8 (high): IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in…
CVE-2025-33003 — CVSS 7.8 (high): IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a non-root user to gain higher privileges/capabilities within the…
CVE-2022-35717 — CVSS 7.8 (high): "IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending…
CVE-2017-1469 — CVSS 7.8 (high): IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in…
CVE-2025-0966 — CVSS 7.6 (high): IBM InfoSphere Information Server 11.7 vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which…
CVE-2021-29875 — CVSS 7.5 (high): IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information due to a insecure third party domain access…
CVE-2023-40699 — CVSS 7.5 (high): IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM…
CVE-2023-24960 — CVSS 7.5 (high): IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a…
CVE-2025-3221 — CVSS 7.5 (high): IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to cause a denial of service due to insufficient…
CVE-2021-29737 — CVSS 7.5 (high): IBM InfoSphere Data Flow Designer Engine (IBM InfoSphere Information Server 11.7 ) component has improper validation of the REST API server…
CVE-2022-35715 — CVSS 7.5 (high): IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error…
CVE-2023-30441 — CVSS 7.5 (high): IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information…
CVE-2021-29747 — CVSS 7.5 (high): IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain highly sensitive information due to a vulnerability in the…
CVE-2020-4347 — CVSS 7.3 (high): IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subject to attacks based on privilege escalation due to inappropriate file…
CVE-2012-5938 — CVSS 7.2 (high): The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and…
CVE-2011-3124 — CVSS 7.2 (high): IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other…
CVE-2024-28798 — CVSS 7.2 (high): IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2011-3123 — CVSS 7.2 (high): IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other…
CVE-2018-1845 — CVSS 7.1 (high): IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML…
CVE-2018-1727 — CVSS 7.1 (high): IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing…
CVE-2025-12531 — CVSS 7.1 (high): IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity injection (XXE) attack when processing…
CVE-2025-36258 — CVSS 7.1 (high): IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text…
CVE-2026-1567 — CVSS 7.1 (high): IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 An XML External Entity (XXE) vulnerability in IBM InfoSphere Information Server…
CVE-2012-0705 — CVSS 7.1 (high): InfoSphere Import Export Manager in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5…
CVE-2023-22877 — CVSS 7.0 (high): IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on…
CVE-2013-4056 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in the Data Quality Console and Information Analyzer components in IBM InfoSphere…
CVE-2013-4057 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in the XML Pack in IBM InfoSphere Information Server 8.5.x through 8.5 FP3, 8.7.x through…
CVE-2022-22441 — CVSS 6.5 (medium): IBM InfoSphere Information Server 11.7 could allow an authenticated user to view information of higher privileged users and groups due to a…
CVE-2021-38887 — CVSS 6.5 (medium): IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests…
CVE-2012-0205 — CVSS 6.5 (medium): InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly…
CVE-2026-1014 — CVSS 6.5 (medium): IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response…
CVE-2012-0701 — CVSS 6.5 (medium): The client applications in the DataStage Administrator client in InfoSphere DataStage in IBM InfoSphere Information Server 8.1, 8.5 before…
CVE-2012-4818 — CVSS 6.5 (medium): IBM InfoSphere Information Server 8.1, 8.5, and 8,7 could allow a remote authenticated attacker to obtain sensitive information, caused by…
CVE-2025-1499 — CVSS 6.5 (medium): IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could…
CVE-2025-14807 — CVSS 6.5 (medium): IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to HTTP header injection, caused by improper validation of input…
CVE-2025-14790 — CVSS 6.5 (medium): IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due to insufficiently…
CVE-2013-4058 — CVSS 6.5 (medium): Multiple SQL injection vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through…
CVE-2024-52901 — CVSS 6.5 (medium): IBM InfoSphere Information Server 11.7 could allow an authenticated user to GUI to not load or stop working due to improper input…
CVE-2024-52363 — CVSS 6.5 (medium): IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a…
CVE-2024-40705 — CVSS 6.5 (medium): IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads. IBM…
CVE-2024-22352 — CVSS 6.5 (medium): IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM…
CVE-2016-5994 — CVSS 6.5 (medium): IBM InfoSphere Information Server contains a vulnerability that would allow an authenticated user to browse any file on the engine tier…
CVE-2022-41291 — CVSS 6.5 (medium): IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate…
CVE-2020-4286 — CVSS 6.5 (medium): IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute…
CVE-2022-40235 — CVSS 6.5 (medium): "IBM InfoSphere Information Server 11.7 could allow a user to cause a denial of service by removing the ability to run jobs due to improper…
CVE-2022-36772 — CVSS 6.5 (medium): IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that should only be available to a…
CVE-2022-22442 — CVSS 6.5 (medium): "IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated…
CVE-2024-28797 — CVSS 6.4 (medium): IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2024-22351 — CVSS 6.3 (medium): IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user to impersonate…
CVE-2025-14810 — CVSS 6.3 (medium): IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified which could…
CVE-2022-47984 — CVSS 6.3 (medium): IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which…
CVE-2018-1518 — CVSS 6.2 (medium): IBM InfoSphere Information Server 11.7 is affected by a weak password encryption vulnerability that could allow a local user to obtain…
CVE-2023-24964 — CVSS 6.2 (medium): IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from a log files. IBM X-Force ID: 246463.
CVE-2023-22878 — CVSS 6.2 (medium): IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID…
CVE-2018-1432 — CVSS 6.1 (medium): IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an…
CVE-2016-5984 — CVSS 6.1 (medium): IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker…
CVE-2017-1321 — CVSS 6.1 (medium): IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed…
CVE-2020-4727 — CVSS 6.1 (medium): IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to…
CVE-2021-29712 — CVSS 6.1 (medium): IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2022-22427 — CVSS 6.1 (medium): IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2023-50303 — CVSS 6.1 (medium): IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2024-40689 — CVSS 6.0 (medium): IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which…
CVE-2018-1454 — CVSS 5.9 (medium): IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to obtain sensitive information, caused by the failure…
CVE-2023-42019 — CVSS 5.9 (medium): IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM…
CVE-2012-0703 — CVSS 5.8 (medium): Open redirect vulnerability in Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7…
CVE-2013-4067 — CVSS 5.8 (medium): IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to hijack sessions and read cookie…
CVE-2025-14974 — CVSS 5.7 (medium): IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference (IDOR).
CVE-2023-28529 — CVSS 5.5 (medium): IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2015-0180 — CVSS 5.5 (medium): The Connector Migration Tool in IBM InfoSphere Information Server 8.1 through 11.3 allows remote authenticated users to bypass intended…
CVE-2015-5021 — CVSS 5.5 (medium): IBM InfoSphere Information Server 11.3 and 11.5 allows remote authenticated DataStage users to bypass intended job-execution restrictions…
CVE-2020-4997 — CVSS 5.4 (medium): IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2026-2483 — CVSS 5.4 (medium): IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed…
CVE-2020-4741 — CVSS 5.4 (medium): IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed…
CVE-2026-1015 — CVSS 5.4 (medium): IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an…
CVE-2020-4702 — CVSS 5.4 (medium): IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2022-40748 — CVSS 5.4 (medium): IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2020-4298 — CVSS 5.4 (medium): IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed…
CVE-2022-40753 — CVSS 5.4 (medium): IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2020-4162 — CVSS 5.4 (medium): IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2022-22322 — CVSS 5.4 (medium): IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2022-47983 — CVSS 5.4 (medium): IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2019-4238 — CVSS 5.4 (medium): IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed…
CVE-2019-4237 — CVSS 5.4 (medium): A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the…
CVE-2021-38952 — CVSS 5.4 (medium): IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2021-29771 — CVSS 5.4 (medium): IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2022-22443 — CVSS 5.4 (medium): IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2025-14912 — CVSS 5.4 (medium): IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an…
CVE-2024-40690 — CVSS 5.4 (medium): IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary…
CVE-2023-33843 — CVSS 5.4 (medium): IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2021-29738 — CVSS 5.4 (medium): IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 11.7 ) is vulnerable to server-side request forgery (SSRF). This may…
CVE-2024-31898 — CVSS 5.4 (medium): IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing…
CVE-2016-8999 — CVSS 5.4 (medium): IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability that allows attackers to render a page in quirks…
CVE-2016-0250 — CVSS 5.4 (medium): XML external entity (XXE) vulnerability in IBM InfoSphere Information Governance Catalog 11.3 before 11.3.1.2 and 11.5 before 11.5.0.1…
CVE-2023-42009 — CVSS 5.4 (medium): IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2023-42022 — CVSS 5.4 (medium): IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2022-30615 — CVSS 5.4 (medium): "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2023-43015 — CVSS 5.4 (medium): IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2023-46174 — CVSS 5.4 (medium): IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2024-28795 — CVSS 5.4 (medium): IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2023-50952 — CVSS 5.4 (medium): IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to…
CVE-2023-50953 — CVSS 5.4 (medium): IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error…
CVE-2024-28794 — CVSS 5.4 (medium): IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2023-50964 — CVSS 5.4 (medium): IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2022-22373 — CVSS 5.4 (medium): An improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs may lead to creation of…
CVE-2022-35642 — CVSS 5.4 (medium): "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2025-36034 — CVSS 5.3 (medium): IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in…
CVE-2021-29681 — CVSS 5.3 (medium): IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information by injecting parameters into an HTML query…
CVE-2022-41733 — CVSS 5.3 (medium): IBM InfoSphere Information Server 11.7 could allow a remote attacked to cause some of the components to be unusable until the process is…
CVE-2023-23473 — CVSS 5.3 (medium): IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and…
CVE-2023-24959 — CVSS 5.3 (medium): IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. IBM X-Force ID…
CVE-2023-33857 — CVSS 5.3 (medium): IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain system information using a specially crafted query that…
CVE-2023-43021 — CVSS 5.3 (medium): IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error…
CVE-2024-35119 — CVSS 5.3 (medium): IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error…
CVE-2024-40706 — CVSS 5.3 (medium): IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks…
CVE-2024-43186 — CVSS 5.3 (medium): IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under…
CVE-2020-4740 — CVSS 5.2 (medium): IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which…
CVE-2021-29827 — CVSS 5.2 (medium): IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to…
CVE-2013-3040 — CVSS 5.0 (medium): IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 produces login-failure messages indicating whether the username…
CVE-2017-1495 — CVSS 4.9 (medium): IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a privileged user to cause a memory dump that could contain highly…
CVE-2024-40704 — CVSS 4.9 (medium): IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers…
CVE-2026-2485 — CVSS 4.8 (medium): IBM Infosphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to stored cross-site scripting. This vulnerability allows a…
CVE-2015-7493 — CVSS 4.7 (medium): IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes…
CVE-2025-12832 — CVSS 4.6 (medium): IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an…
CVE-2023-25928 — CVSS 4.6 (medium): IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2023-23475 — CVSS 4.6 (medium): IBM Infosphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2024-7577 — CVSS 4.4 (medium): IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product.
CVE-2009-4239 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Web console in IBM InfoSphere Information Server 8.1 before FP1 allows remote attackers to…
CVE-2023-38268 — CVSS 4.3 (medium): IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and…
CVE-2023-35898 — CVSS 4.3 (medium): IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information due to an insecure security…
CVE-2024-31902 — CVSS 4.3 (medium): IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and…
CVE-2026-2484 — CVSS 4.3 (medium): IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose…
CVE-2024-39751 — CVSS 4.3 (medium): IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error…
CVE-2023-50954 — CVSS 4.3 (medium): IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the…
CVE-2014-3071 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Data Quality Console in IBM InfoSphere Information Server 11.3 allows remote attackers to…
CVE-2024-51460 — CVSS 4.3 (medium): IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error…
CVE-2024-51477 — CVSS 4.3 (medium): IBM InfoSphere Information Server 11.7 could allow an authenticated to obtain sensitive username information due to an observable response…
CVE-2013-4066 — CVSS 4.3 (medium): IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to conduct clickjacking attacks by…
CVE-2025-1138 — CVSS 4.3 (medium): IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks…
CVE-2013-4059 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and…
CVE-2018-1906 — CVSS 4.3 (medium): IBM InfoSphere Information Server 11.3, 11.5, and 11.7could allow an authenticated user to download code using a specially crafted HTTP…
CVE-2013-0502 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server 8.1, 8.5 through FP3, 8.7 through FP2, and 9.1 allows remote…
CVE-2025-25045 — CVSS 4.3 (medium): IBM InfoSphere Information 11.7 Server authenticated user to obtain sensitive information when a detailed technical error message is…
CVE-2012-4819 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in InfoSphere Business Glossary 8.1.1 and 8.1.2, InfoSphere DataStage Operation Console…
CVE-2025-3629 — CVSS 4.3 (medium): IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an authenticated user to delete another user's comments due to…
CVE-2025-36422 — CVSS 4.3 (medium): IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer is vulnerable to cross-site request…
CVE-2026-1262 — CVSS 4.3 (medium): IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.
CVE-2026-1265 — CVSS 4.3 (medium): IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive Information in a log file.
CVE-2012-0203 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1…
CVE-2012-0702 — CVSS 4.0 (medium): Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly determine…
CVE-2025-25046 — CVSS 3.7 (low): IBM InfoSphere Information Server 11.7 DataStage Flow Designer transmits sensitive information via URL or query parameters that could be…
CVE-2013-0585 — CVSS 3.5 (low): Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 allow…
CVE-2026-9836 — CVSS 3.5 (low): IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.
CVE-2013-3034 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 allows remote…
CVE-2018-1917 — CVSS 3.5 (low): IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to access JSP files and disclose sensitive…
CVE-2023-35022 — CVSS 3.3 (low): IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM…
CVE-2020-4886 — CVSS 3.3 (low): IBM InfoSphere Information Server 11.7 stores sensitive information in the browser's history that could be obtained by a user who has…
CVE-2015-7490 — CVSS 3.1 (low): IBM InfoSphere Information Server 8.5 through FP3, 8.7 through FP2, 9.1 through 9.1.2.0, 11.3 through 11.3.1.2, and 11.5 allows remote…
CVE-2023-23472 — CVSS 3.1 (low): IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive…
CVE-2025-14808 — CVSS 3.1 (low): IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information from the query string…
CVE-2024-55895 — CVSS 2.7 (low): IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error…
CVE-2023-50955 — CVSS 2.4 (low): IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server…
CVE-2024-37533 — CVSS 2.4 (low): IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. IBM…
CVE-2013-5440 — CVSS 2.1 (low): IBM InfoSphere Information Server 8.0, 8.1, 8.5, 8.7, and 9.1 allows local users to obtain sensitive information in opportunistic…
CVE-2012-4832 — CVSS 1.9 (low): Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 and InfoSphere Business Glossary…
CVE-2012-0700 — CVSS 1.9 (low): The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly…
CVE-2015-1901 — CVSS 1.9 (low): The installer in IBM InfoSphere Information Server 8.5 through 11.3 before 11.3.1.2 allows local users to obtain sensitive information via…