Ibm

Infosphere Information Server

174 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2026-1567

  • EPSS 0.03%
  • Veröffentlicht 03.03.2026 20:40:06
  • Zuletzt bearbeitet 05.03.2026 21:29:11

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 An XML External Entity (XXE) vulnerability in IBM InfoSphere Information Server could allow attackers to retrieve sensitive information from the server.

5.3

CVE-2026-1265

  • EPSS 0.03%
  • Veröffentlicht 03.03.2026 19:42:08
  • Zuletzt bearbeitet 04.03.2026 17:36:29

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive Information in a log file.

4.3

CVE-2025-12832

  • EPSS 0.07%
  • Veröffentlicht 08.12.2025 21:46:55
  • Zuletzt bearbeitet 10.12.2025 23:58:11

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or fac...

9.1

CVE-2025-12531

  • EPSS 0.22%
  • Veröffentlicht 03.11.2025 19:47:40
  • Zuletzt bearbeitet 05.11.2025 15:16:17

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory ...

7.8

CVE-2025-33003

  • EPSS 0.03%
  • Veröffentlicht 31.10.2025 13:15:33
  • Zuletzt bearbeitet 05.11.2025 19:52:28

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a non-root user to gain higher privileges/capabilities within the scope of a container due to execution with unnecessary privileges.

8.8

CVE-2025-36245

Medienbericht
  • EPSS 0.03%
  • Veröffentlicht 29.09.2025 23:15:30
  • Zuletzt bearbeitet 18.10.2025 01:24:24

IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input.

5.9

CVE-2025-36034

  • EPSS 0.02%
  • Veröffentlicht 26.06.2025 15:14:10
  • Zuletzt bearbeitet 14.08.2025 20:57:36

IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques.

7.6

CVE-2025-0966

  • EPSS 0.1%
  • Veröffentlicht 25.06.2025 02:40:39
  • Zuletzt bearbeitet 08.07.2025 14:55:16

IBM InfoSphere Information Server 11.7 vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.

4.3

CVE-2025-3629

Medienbericht
  • EPSS 0.05%
  • Veröffentlicht 21.06.2025 12:45:57
  • Zuletzt bearbeitet 08.07.2025 14:26:41

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an authenticated user to delete another user's comments due to improper ownership management.

7.5

CVE-2025-3221

Medienbericht
  • EPSS 0.13%
  • Veröffentlicht 21.06.2025 12:44:26
  • Zuletzt bearbeitet 08.07.2025 14:26:53

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to cause a denial of service due to insufficient validation of incoming request resources.