Ibm

Infosphere Information Server

169 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2025-36245

Medienbericht
  • EPSS 0.04%
  • Veröffentlicht 29.09.2025 23:15:30
  • Zuletzt bearbeitet 02.10.2025 19:12:42

IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input.

5.9

CVE-2025-36034

  • EPSS 0.02%
  • Veröffentlicht 26.06.2025 15:14:10
  • Zuletzt bearbeitet 14.08.2025 20:57:36

IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques.

7.6

CVE-2025-0966

  • EPSS 0.18%
  • Veröffentlicht 25.06.2025 02:40:39
  • Zuletzt bearbeitet 08.07.2025 14:55:16

IBM InfoSphere Information Server 11.7 vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.

4.3

CVE-2025-3629

Medienbericht
  • EPSS 0.05%
  • Veröffentlicht 21.06.2025 12:45:57
  • Zuletzt bearbeitet 08.07.2025 14:26:41

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an authenticated user to delete another user's comments due to improper ownership management.

7.5

CVE-2025-3221

Medienbericht
  • EPSS 0.18%
  • Veröffentlicht 21.06.2025 12:44:26
  • Zuletzt bearbeitet 08.07.2025 14:26:53

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to cause a denial of service due to insufficient validation of incoming request resources.

6.5

CVE-2025-1499

  • EPSS 0.03%
  • Veröffentlicht 01.06.2025 11:30:58
  • Zuletzt bearbeitet 09.06.2025 18:08:54

IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user.

4.3

CVE-2025-1138

  • EPSS 0.05%
  • Veröffentlicht 15.05.2025 20:11:03
  • Zuletzt bearbeitet 04.06.2025 20:02:53

IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing.

3.7

CVE-2025-25046

  • EPSS 0.01%
  • Veröffentlicht 23.04.2025 22:24:43
  • Zuletzt bearbeitet 12.08.2025 17:58:41

IBM InfoSphere Information Server 11.7 DataStage Flow Designer  transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques.

4.3

CVE-2025-25045

  • EPSS 0.04%
  • Veröffentlicht 23.04.2025 22:23:10
  • Zuletzt bearbeitet 08.07.2025 19:51:38

IBM InfoSphere Information 11.7 Server authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. This information could be used in further attacks against the system.

6.3

CVE-2024-22351

  • EPSS 0.04%
  • Veröffentlicht 23.04.2025 22:15:49
  • Zuletzt bearbeitet 08.07.2025 19:54:58

IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.