Ibm

Infosphere Information Server

172 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.7

CVE-2025-25046

  • EPSS 0.01%
  • Veröffentlicht 23.04.2025 22:24:43
  • Zuletzt bearbeitet 12.08.2025 17:58:41

IBM InfoSphere Information Server 11.7 DataStage Flow Designer  transmits sensitive information via URL or query parameters that could be exposed to an unauthorized actor using man in the middle techniques.

4.3

CVE-2025-25045

  • EPSS 0.03%
  • Veröffentlicht 23.04.2025 22:23:10
  • Zuletzt bearbeitet 08.07.2025 19:51:38

IBM InfoSphere Information 11.7 Server authenticated user to obtain sensitive information when a detailed technical error message is returned in a request. This information could be used in further attacks against the system.

6.3

CVE-2024-22351

  • EPSS 0.04%
  • Veröffentlicht 23.04.2025 22:15:49
  • Zuletzt bearbeitet 08.07.2025 19:54:58

IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.

5.3

CVE-2024-55895

  • EPSS 0.04%
  • Veröffentlicht 29.03.2025 13:15:40
  • Zuletzt bearbeitet 08.07.2025 17:22:06

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

6.5

CVE-2024-51477

Medienbericht
  • EPSS 0.04%
  • Veröffentlicht 28.03.2025 23:51:32
  • Zuletzt bearbeitet 07.07.2025 16:27:25

IBM InfoSphere Information Server 11.7 could allow an authenticated to obtain sensitive username information due to an observable response discrepancy.

7.5

CVE-2024-7577

Medienbericht
  • EPSS 0.03%
  • Veröffentlicht 28.03.2025 23:50:36
  • Zuletzt bearbeitet 08.07.2025 17:26:02

IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product.

6.5

CVE-2024-43186

Medienbericht
  • EPSS 0.03%
  • Veröffentlicht 28.03.2025 23:49:20
  • Zuletzt bearbeitet 08.07.2025 17:28:18

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions.

7.8

CVE-2024-51459

  • EPSS 0.01%
  • Veröffentlicht 19.03.2025 18:08:06
  • Zuletzt bearbeitet 07.07.2025 16:58:53

IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of permissions.

4.3

CVE-2024-40706

  • EPSS 0.1%
  • Veröffentlicht 24.01.2025 16:15:36
  • Zuletzt bearbeitet 11.03.2025 17:58:30

IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system.

7.5

CVE-2024-52363

  • EPSS 0.12%
  • Veröffentlicht 17.01.2025 02:15:25
  • Zuletzt bearbeitet 11.03.2025 17:53:21

IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.