Vulnerabilities > IBM > Infosphere Information Server

DATE CVE VULNERABILITY TITLE RISK
2025-01-24 CVE-2024-40706 Exposure of System Data to an Unauthorized Control Sphere vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system.
network
low complexity
ibm CWE-497
4.3
2025-01-17 CVE-2024-52363 Path Traversal vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
7.5
2024-12-19 CVE-2021-29827 Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim.
low complexity
ibm CWE-1021
5.2
2024-12-12 CVE-2024-52901 Improper Validation of Specified Quantity in Input vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 could allow an authenticated user to GUI to not load or stop working due to improper input validation.
network
low complexity
ibm CWE-1284
6.5
2024-12-11 CVE-2023-23472 Exposure of System Data to an Unauthorized Control Sphere vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.
network
low complexity
ibm CWE-497
6.5
2024-12-11 CVE-2024-51460 Information Exposure Through an Error Message vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace.
network
low complexity
ibm CWE-209
4.3
2024-08-15 CVE-2024-40704 Insufficiently Protected Credentials vulnerability in IBM Infosphere Information Server 11.7/11.7.0.1/11.7.0.2
IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers.
network
low complexity
ibm CWE-522
4.9
2024-08-15 CVE-2024-40705 Unspecified vulnerability in IBM Infosphere Information Server 11.7/11.7.0.1/11.7.0.2
IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads.
network
low complexity
ibm
6.5
2024-08-06 CVE-2024-39751 Information Exposure Through an Error Message vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
network
low complexity
ibm CWE-209
4.3
2024-07-26 CVE-2024-40689 Unspecified vulnerability in IBM products
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection.
network
low complexity
ibm
critical
9.8