Vulnerabilities > IBM > Infosphere Information Server ON Cloud
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-16 | CVE-2022-40752 | Command Injection vulnerability in IBM products IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. | 9.8 |
| 2022-11-03 | CVE-2022-22442 | Unspecified vulnerability in IBM products "IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls. | 6.5 |
| 2022-05-10 | CVE-2022-22454 | OS Command Injection vulnerability in IBM Infosphere Information Server on Cloud 11.7 IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 7.8 |
| 2020-07-09 | CVE-2020-4305 | Deserialization of Untrusted Data vulnerability in IBM products IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. | 9.3 |
| 2020-05-19 | CVE-2020-4298 | Cross-site Scripting vulnerability in IBM products IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. | 3.5 |
| 2020-05-19 | CVE-2020-4286 | Cross-Site Request Forgery (CSRF) vulnerability in IBM products IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
| 2020-05-06 | CVE-2020-4384 | Cross-site Scripting vulnerability in IBM products IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. | 3.5 |
| 2019-07-01 | CVE-2019-4237 | Cross-site Scripting vulnerability in IBM products A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. | 5.4 |
| 2019-06-17 | CVE-2018-1845 | XXE vulnerability in IBM products IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
| 2019-06-06 | CVE-2019-4257 | Information Exposure Through an Error Message vulnerability in IBM products IBM InfoSphere Information Server 11.5 and 11.7 is affected by an information disclosure vulnerability. | 4.3 |